
MUSINGS FOR THE WEEK

This is mostly here for notes on things I'm working on, or playing with, if there's a difference. As a Systems Administrator I don't experiment with new hardware much; I tend to conservatively stick with Dell systems, only occasionally custom-building a test system or two. Or three, or four. But there are a lot of new experiments in software, particularly with the organization-specific enterprise software that the others may not use. If you're more interested in hardware experimentation, or individual computer experiences, I suggest you check out the Daynotes Gang, and see where it leads.

Anyway, I hope you have as much fun reading the site as I do making it.

Monday

9:00 PM Bleh. Long day and I'm beat. No computer yet at work, so I have no access to email or the web or this site. It's been a while since I realized how dependent I am on the web; in short, very. <G> I get "twitchy" without my email.

Spent most of the weekend reading Bob's book, watching movies on the DVD player (Bond, mostly, plus "The Thomas Crown Affair" and "The Fugitive") and preparing for today. Spent today filling out paperwork and trying to figure out where the floor is; I'm still a little (or a lot) unsettled in this new job. Not that it's a bad job; far from it. It's just going to take some adjustments before I'm comfortable with it. It doesn't help that we're in a temporary office right now; we don't own the network, the phones, or the security systems, and those are three key elements of my job. Still, as temporary spaces go, they're comfortable; nice desks, good systems, even if their admins are a little slow. (Physically and mentally, but I didn't say that.) Supposedly, I'll have my computer by the end of the week, and I'm looking forward to it; it's an IBM ThinkPad 570, rather nicely equipped. It won't do all of my job, so I'm sure there'll be some other things roaming under my desk, but it sure will be nice to be mobile again.

Hopefully tomorrow I'll have some sort of connectivity; if so, I'll see you then, if not, the post will be late. TTFN.

Tuesday

Long day with no net access and lots of work. Such fun!

Wednesday

10:00 PM Sigh. Another long day. I'm getting the hang of this, though; I think this will be a pretty good job. I've spent the last few days redesigning our network; right now, you see, the office is a temporary "executive suite" leased from another company, which means our network is their network. Right now, we use a software VPN from RedCreek Software so that each workstation logs into the main company NT domain in San Mateo, California. It's slow, and the failure rate is up near 50%, but it works. I'm working on replacing that software VPN with a hardware solution, which will hopefully stabilize the situation.

But the fun doesn't stop there.

If we use the VPN for everything, we're sunk; all net access then has to travel over that link to San Mateo, then out over the net and back through the VPN link to San Mateo. This would be bad; one problem with that VPN link and we are completely down.

What I'm looking at is a three-way Linux-based router. Most of the Daynotes Gang members, myself included, have done Linux firewalls for their home networks; this will be a bit more complicated. One network card will control the local network; that'll be the "192-net," using DHCP to assign addresses in the non-routable 192.168.1. network range. Then there'll be the outside connection; that's just like any other router/firewall. But there'll be that third card; it will run to the hardware VPN router through the 192.168.255.* network; and the routing tables of the box will send all internal Siebel traffic over the VPN router. That way, if we choose, the VPN could even be on a separate network link.

The interesting part will be the routing tables (relatively easy; simply execute the command "/sbin/route add -net 100.0.0.0 netmask 255.0.0.0 gw 192.168.255.255 dev eth2", substituting the IP addresses as necessary, of course). The firewalling and Masq'ing, though - that's trickier. Let's say the outside world is on eth0, the LAN is eth1, and the VPN is eth2. I need to block all incoming traffic other than mail, SSH2, and POSSIBLY web; no problem. I need to MASQ all traffic from the 192.168.1. network from eth1 through eth0 - if it isn't destined for the VPN, of course. And all traffic that IS to go through the VPN shouldn't be MASQ'ed at all, it should simply be routed with its original IP address. (My head is starting to hurt <G>.) All traffic from the VPN, just to close the last hole, should be denied unless from a certain range of addresses or originating from the 192.168.1. network. Oh - and PortSentry or the equivalent guarding everything else. Plus some possible security thingies in the DMZ.
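The policy in the paragraph above, sketched as an added example (not the author's configuration). It uses iptables as a stand-in for the packet filter of the day and prints the rules for review instead of applying them; the trusted VPN source range and the rule letting the LAN reach the router itself are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) an iptables ruleset for the
# three-interface policy described in the text.
WAN_IF=eth0; LAN_IF=eth1; VPN_IF=eth2   # interface roles as given in the text
LAN_NET=192.168.1.0/24                  # the "192-net"
VPN_DST=100.0.0.0/8                     # network from the page's route command
VPN_SRC_OK=100.0.0.0/8                  # assumed: remote range trusted over the VPN
ALLOW_WEB=${ALLOW_WEB:-no}              # "POSSIBLY web": off unless set to yes

emit_rules() {
    # Default deny; only the flows listed below pass.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections the LAN opened (including over the VPN) are allowed.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Assumed: LAN hosts may talk to the router itself (DHCP, admin access).
    echo "iptables -A INPUT -i $LAN_IF -j ACCEPT"

    # Inbound from the outside world: mail and SSH, optionally web.
    ports="25 22"
    if [ "$ALLOW_WEB" = yes ]; then ports="$ports 80"; fi
    for p in $ports; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $p -j ACCEPT"
    done

    # LAN -> VPN: forwarded with the original source address. No NAT rule
    # names the VPN interface, so this traffic is never masqueraded.
    echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -d $VPN_DST -j ACCEPT"
    # LAN -> Internet: forwarded, and masqueraded only when leaving via eth0.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"

    # VPN -> LAN: new connections only from the trusted range; anything else
    # arriving on the VPN interface is dropped explicitly.
    echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_SRC_OK -d $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -j DROP"
    echo "iptables -A INPUT -i $VPN_IF -j DROP"
}

emit_rules
```

Restricting the MASQUERADE rule to the outside interface is what keeps VPN-bound packets on their original addresses; the route that actually sends that traffic out eth2 is configured separately.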

I'm also working on a local domain (they don't have a choice, I'll be damned if I'll try to support users logging in with domain authentication across a VPN link) but that's pretty straightforward; I also want to rearrange email so that we keep our "siebel.com" email addresses, but the server is local. A daughter server, I think, rather than a separate setup and complex forwarding rules; both are possible, neither is simple, and looking at the pros and cons, it's almost a toss-up. I'll change my mind again, don't worry. <SEG>.

My head's hurting - let's talk about something more cheerful. My new laptop. <G> Well, Siebel's laptop. An IBM StinkPad 570e, as I said before. Lots of toys, capable of dual-booting to Linux, and including a nifty "ultra-portable" docking base. The base unit fits so well there are people that don't know it comes off, and fully loaded that laptop and base weigh 6.2 pounds. That base contains the CD-ROM and floppy drive, and can also hold a ZIP drive, spare hard drive, and other goodies. The laptop itself weighs 4 pounds, with a 13.3" screen, integrated modem, PC Card slots, 500 MHz PIII, and up to 300+ MB of RAM. A very nice machine. I don't have mine yet, but I've been playing with a co-worker's; I want mine. I hope to have it for this weekend; by Monday I'll have that sucker completely rebuilt. <SEG> I'm thinking 8 GB for NT, 4 GB for Mandrake Linux. The modem won't work under Linux, but everything else will; when I'm on the road, I'll just have to settle for Windows and SSH forwarding.

Oh, yeah, two last funnies from work today.

1. I officially got my formal offer letter today. I laughed a lot. Still, these things have to be done; in a bit of a hurry, too, since I've been an employee for three days...

2. I mentioned (I think) that I have limited net access at the office. There's a mobile IBM half-rack containing two servers and a flip-up LCD display by my desk; my net access consists of IE5 and Outlook Express on a base NT4 installation, at 640x480x16 colors on a NetFinity server with dual-733 processors and 1 GB of RAM. Now THAT's a workstation.

Good night.

Thursday

9:30 PM I have GOT to get editing capability at work. That little LCD flatpanel is killing me, and the only editor I have available is Notepad. (Granted, I could use Notepad - but I'm not that desperate. Yet.) Do you know that there is no longer a single site on the internet that looks decent in 16 colors?

Well, Keri says it's Dave's fault for starting a fad; she can barely control her left hand after a day of typing. Doctor's visit tomorrow, but she already knows what the verdict is - one-hand typing for a while. Makes me start looking long and hard at Speech-To-Text software...

I got a lot done today. Turns out all those problems with the hardware VPN had a simple solution; it's broke. Not the configuration, the hardware. The manufacturer insists it's just the firmware, but even they haven't figured out how to update when you can't reliably communicate with the box. Spent quite a bit of time hacking out some more long-range planning, too - today's focus was on backup solutions. No firm decisions as yet, just my own prejudices on hardware and software and some discussion of needed capabilities.

I've also made the horrible discovery that tools are incredibly expensive. The last time I needed to completely replace a tool kit was a couple of years ago; for $100 I got a nice briefcase-size carrying case, every tool I needed, and quite a few I didn't. Well, the office owns not so much as a screwdriver (I brought in my own to assemble our printer and fax machine) so I went hunting for some tool kits. I wanted something similar; a carrying case, preferably one I could keep the laptop in as well, and the tools I would need for PC work and LAN work. No need for a LAN analyzer, at least not yet; just the basic hand tools and crimpers.

$100? No...

$200? No...

For a "basic" toolkit, which included my basic necessities for both areas and a carrying case, $300. To get it that low, I had to custom-design a kit; it was over $400 for the pre-made one, but it included a lot of crap I don't want. Even the custom had a lot of that, but not as much.

This is my basic kit:

  • Slotted Screwdrivers - from the tiny 1/32 jeweler's to 1/4"
  • Phillips Screwdrivers - jeweler's to #2 or #3
  • Torx drivers - 3/16" and 1/4" (roughly)
  • 5" needlenose pliers
  • Wire cutters (4" diagonal)
  • Flashlight - MagLites are my friend <G>
  • Brushes - I like a good, 1/2" coarse round brush and a few finer-bristle as well
  • Organizers - I like the little, 6 compartment fishing tackle boxes
  • Dentist's mirror
  • The cheap 3-wire parts grabber from a $10 Wal-Mart parts kit
  • Voltmeter (mostly for power-supply testing; analog is fine for me)
  • Crimper (RJ-11, RJ-45, and handset) (They want $50 to $150 for these now! Ye Gods!)
  • Alcohol
  • Rubbing alcohol, too (Did I say that? Ooops)
  • Q-Tips (the foam ones; never, ever use cotton)
  • ZRC (Zero Residue Cleaner)
  • Compressed air (For thorough cleaning jobs - little ones, I just blow)
  • My trusty DOS 6.22 boot floppy with CheckIt and NDD.EXE on it

There are other tools I use from time to time, but those are the basics. Nobody makes a kit with just that, though, and yet getting a decent case plus those parts would eat up too much time. Piffle.

Oh - and Shawn found some information on my still-not-arrived-yet-when-will-procurement-get-the-lead-out laptop. Here's his email:

----- Original Message -----
From: "Wallbridge, Shawn" <shawnw@elections.mb.ca>
To: <matt@rearviewmirror.org>
Sent: Thursday, May 25, 2000 12:02 PM
Subject: Thinkpad Modem under Linux

Actually it will work. IBM insisted that Lucent provide a driver for their Winmodem chip for the ThinkPads. Someone at the last Manitoba Unix User Group meeting was showing it off in a 390 (I think). I checked the Linux on Laptops page and the winmodem in my laptop (Toshiba 4090XDVD) works under Linux as well (same Lucent chip AFAIK).

Shawn

I answered at work, and so I don't have my response available; it wasn't really relevant anyway, it'd already been a long day with too little caffeine. The most interesting aspect of this, to me, is to speculate on why, exactly, IBM insisted on a Linux-compatible WinModem. They've never really talked about supporting Linux; actually, they've not said much about supporting Unix, other than their own AIX. Interesting. Perhaps the near future holds ThinkPads pre-installed with Linux? From the information I found yesterday, and today after Shawn's prompting, every single component of this machine is Linux-compliant save only the DVD-drive - and even it will function, it just won't play DVDs.

I might be getting my hands on a small stash of obsolete computers; 486s, four or five of them. Their owner hasn't been able to find a use for them, so he's planning to give them away; apparently, I'm the only one to express an interest so far. They'll make a nice X10 controller and a few "play areas." Never know when a spare box, even an obsolete one, might come in handy. Besides - that firewall box won't last forever.

Small bit of Mindless Link Propagation - there's a lengthy discussion on SlashDot about the release of Linux kernel 2.4.0-test1, kind of a Release Candidate 1 thing. I find it amusing how many people actually compared it to the Windows 2000 beta process; at first, people just complained about how long it was taking, and how many bugs were left. Then somebody made a comment about how similar that was to Windows 2000 - and instantly the criticism ceased. How strange. <G>.

Well, hell, Chris Ward-Johnson's the novel writer. I better wrap this up.

Friday

Saturday

Sunday





Copyright © 1999, 2000 Matt Beland. All rights reserved. Guaranteed 100% Free-Range Electrons.