Wednesday, January 16, 2002

MacOS X DNS Management Today, as bad as it sounds was not a stupid day, merely a day of finding problems from previous stupid days. There are three core ways to handle ‘personal’ name space management under OsX (listed in order of what I guess could be consider best to worst). Run your own DNS server, which in many ways is a good idea (but requires some effort and is made very interesting if you are dealing with real IP space and un-routable IP space [192.168.x.x or 10.x.x.x]). Use Host files on the systems which need real name information (this is where I am right about now). Edit the local (or network) machines in the NetInfo data base. The second and third mechanisms are convenient because both offer the ability to setup a nice small name (e.g. foo) instead of typing some big huge mess (you can have a full name and a short name such as foo.baz.bar.long.name.com and foo). I have an iMac at work which I use for testing (most recently of Applets, Servlets and EJB’s) which is running 10.0.4. I was trying some significant code changes, which I expected to run without a hitch (aka lazy mode, always bites you in the rear). The test application hung every time I ran it. Unfortunately, the app server(s) (JBoss & Tomcat) and all my server code were also there, so I can’t say what is broken. Everything worked fine here a ‘few days ago’ and it had worked at home this morning. Time for some digging… First I tried some basic stuff. Watch the logs and telnet on the ports in question, make sure the connections are open. Everything seemed in order. Eventually, I paid attention to the data coming back from a probe on 1099 (the port used by JBoss to ‘find’ things). The name looked funny… huh? So I duplicated it. A name was being returned as the address for an EJB which no longer existed. The name registry system was telling my test application to connect to a server name which no longer existed (and the name lookup was timing out). Yikes! The name rang some alarm bells. We’ve been playing internal net games for some time and early last week I got dragged from one network to another (at which point in time I bitched) to another. I’d twiddled all the important stuff (or so I thought). Remember when I said I was using host files for name resolution? The iMac configuration predated all of that. I think I set it up under DP3 (or maybe DP4), and had been exporting and re-importing this config for a while now. Lo’ and behold, when I got transferred from net to net, I missed the fact that I had a couple of systems (including this one) configured with machine info. . When java applications asked for the complete host name, they got the NetInfo settings which were now very out of date. Everything else seemed to work correctly, but you never know, not really… 10:44:25 PM

Security Stuff The January 2002 Crypto-Gram is out. If you run unix (pick a flavor) systems, or have the typical geeks collection of routers and switches and airports (oh my!), then you need to read Bruce Schneier’s newsletter, period. Speaking of security (oh boy) … Shortly after reading Crypto-Gram, I did something at work that made me a little worried. I mounted my home system via AppleTalk/IP. Well, so, what’s the problem? I mounted the wrong system (the one that crashes a lot, I was expecting the other box, where I have a good filter set). At first I figured I had port forwarded 548 to the wrong machine. But no, sadly, I’d somehow left this machine in the DMZ (because of a game). What a yutz. So now I guess I get to use ipfw rules on ALL my systems (just in case I do something really stupid again). Bad Dave, very bad Dave (still kicking self in butt). BTW, how do you catch fragmented packets in ipfw (I know how it's done in ipfilter)? 9:40:39 PM

MacOS X Woes (cont.) Make that six kernel panics since Monday morning. Crap. G4/DP/500, 768M, several partitions. I am getting sooooo ready to go back to 10.1. And I thought losing my keyboard and having to switch back and forth once every half hour was bad. Sheesh. 11:28:33 AM

Li’l Bill & Hill As Cory on bOing bOing put it so eloquently, This. Is. Amazing. In a nutshell, it’s fan site for a fantasy show about Bill & Hillary (sort of). I guess you’d have to call this web art. Well worth seeing! [bOing bOing] 9:03:40 AM

MacOS X Woes I’ve got to find out what is causing these kernel panics under OsX (five since Monday morning). Every single time it looks like a USB issue (looking at the backtrace information on screen). I wonder if I can use gdb from another system to actually poke around and see something useful at this point in time? I finally gave up and yanked the USB hub. I’ve still got a non Apple keyboard and mouse going through a Miniview 2 port KVM and my SanDisk flash card reader hooked up, all the other USB gear is offline. We'll see… 7:17:19 AM

© Copyright 2002 Dave Ely.