ramblings of the village idiot

While I may not agree that these are the top 21 mistakes, most of them are mistakes that are easy to make:

Top 21 PHP programming mistakes

Certainly worth the read.

In May, I picked up a cheap Dell Inspiron 6000 refurbished from Dell; it was pretty much built up exactly the way I wanted it, except it included a CD Burner/DVD Reader instead of a DVD burner. Having a DVD burner is pretty much a necessity when taking digital pictures on trips; I generally shoot at least a couple gigs of pictures, and burning that onto CD’s is annoying. I’ve been watching the DVD burners for this laptop on eBay and such, but they generally go for $115+ – more than I wanted to pay. Then, I saw a SlickDeals ad for a NEC ND-6650 slimline drive at NewEgg (for $70), with a notation saying it was compatible with most modern laptops. “No way!”, I said. I pulled the drive out of my laptop, and compared it with NewEgg’s pictures, and it looked gosh-darn-near identical. I then bugged one of my coworkers who had a DVD burner in her 6000, and found that it was a NEC ND-6500. It looks like this drive may just work! I decided to pull the trigger and pick it up, and it arrived today.. swapped it in, and it works great. The only problem is that it had a different bezel on it that wasn’t flush to the outside of the case, and had a bit of a gap that would let crud get into the drive. I just swapped the bezel from my old drive onto my new drive, and it’s perfect again. And now I can burn DVD’s without a DVD-RW notation on the outside of the drive – amazing! Time to go wow all my friends.. err, wait a sec, they will just laugh. Ah well.

In any case, thanks to SlickDeals and NewEgg, I saved about $50 on a laptop-size DVD burner.. yay!

Nikon has finally announced the new D200! 10mp, support for recording GPS coordinates in your EXIF tags, 1800 images on a single charge, 802.11b/g image transfers, and a bunch of other sweet features.

Press release at:

http://www.dpreview.com/news/0511/05110104nikond200.asp

Full preview at:

http://www.dpreview.com/articles/nikond200/

I just upgraded the Linux kernel on my laptop to 2.6.13.3, and in the process had to upgrade the ipw2200 (Intel Wireless Drivers) to version 1.0.8. After the upgrade, no matter what I did, I couldn’t get wpa_supplicant to work – it kept returning an error saying:

ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported

I finally figured it out – the new kernel supports Wireless Extensions version 18, which support WPA natively, and the ipw2200 drivers have been updated to use these WPA calls instead of it’s own. So, you need to change the ‘-Dipw’ on your wpa_supplicant startup line to ‘-Dwext’. Once I made that change, it fired right back up – wasted a *lot* of time trying to figure it out, too!

Up until this morning, I had some pictures inside of one of Time Warner Telecom’s central offices on my site; they were taken (with permission) when a client was looking for colocation space (said client ended up colocating at ipHouse – good place!). Originally, I had them posted to a private area of my site, but I must’ve accidently pushed them to the public images directory at some point. In any case, I got a voicemail from one of Time Warner’s Public Relations reps today, saying that they’d like the pictures removed.. since I really had no reason to keep the pictures, I tore them down. I just find it rather amusing that they actually care about some pictures on a little site like mine! I guess the fact that the pictures do turn up on a Google Image Search for ‘twtelecom’ probably has something to do with it.. if they were named something else, they likely never would have even noticed.

Grilled cheese with tomato soup is an old favorite of mine, so of course when I saw Alton Brown’s “Good Eats” episode entitled ” For Whom the Cheese Melts” that ended with a nifty recipe grilled cheese sandwich, I just had to try it out! The basic idea is to smear one of the pieces of bread with dijon mustard (even if you hate mustard, bear with this – you don’t really taste it), use shredded cheese instead of slices, and cook with a bit of olive oil instead of buttering the bread at all. He recommended heating two cast iron pans, and cooking between them, but I just did the old fashion griddle method, with a heavy pan on top of the sandwich as it cooks. In any case, it turned out great — it’s quite an interesting flavor; it doesn’t really taste like mustard, but just adds a bit of zing to the sandwich. I’d recommend it!

If you’ve never seen it before, you need to check out opacity.us. The site’s run by an urban explorer who is kind enough to take pictures of the places he’s explored. Most sites are hospitals, but he does have a few industrial sites on there, too. Some of the pictures are just amazing.. kind of “photos from the dark side” or something.

I was given a few gift certificates to Jensen’s Supper Club in Eagan, MN, and Tiff and I figured we’d drag a few friends along with us (thanks Erika and Tom!) to check it out. I didn’t quite know what to expect, but it was great! We started out with calamaris and martinis.. both were excellent. I’ve not enjoyed the martinis I’d had before (either too strong or too sweet), but the fine folk at Jensen’s mixed up my Lemon Drop just right. For dinner, we shared a side of garlic mashed potatoes, and I had the prime rib for dinner. For once, when I ordered the meat medium-rare, it actually arrived medium-rare.. my experience at other restaurants is generally that they will overcook the meat, no matter what you order. My fellow diners tried the shrimp and the walleye, and they were also pleased. The service was quick and efficient.. our server was there whenever we needed her, but she didn’t hover annoyingly around the table — always a good thing! To top off the night, the couple at the table next to us got engaged.. that was quite an experience to watch. In any case, I’d rate Jensen’s as highly recommended.. just be prepared to drop a bit of cash; it’s fairly affordable for the quality of the food, but it’s certainly more expensive than your generic chain. Oh, yeah, and you probably want reservations. Enjoy!

While at the office today, we discovered a new syndrome.. one of my coworkers spontaneously turned around and said “the firewall!”, and then nothing else. The rest of us, of course, assumed there was a problem with one of our many firewalls. Alas, that was not the case – we still have no idea why the statement was thrown out there. A new syndrome was born! Paul, the wise man that he is,immediately threw out a name for it — “Sysadmin’s Tourette”. Makes sense to me!

My wife decided to surprise me, and picked up tickets for the Stomp show at the Ordway tonight. I’d never seen the show before; it was a blast! If you’re in the Minneapolis area, and haven’t seen it, I’d highly recommended stopping in. Not the best show for young kids or anyone else sensitive to loud noises, though..

I was trying to set up BackupPC to back up a couple Windows XP Professional boxes this afternoon, and ran into some problems. I couldn’t access the ‘C$’ share on the system from the BackupPC server, even when logging into the Windows box as an administrator. So, I tried creating a share for all of C:, and found that the file sharing code won’t let you set permissions for the share, or even a password! For one of the boxes, having a read-only share to the root drive open wouldn’t have been a huge deal, so I figured I’d give it a shot.. however, when I attempted a backup, I wasn’t able to get any user data out of their “Documents and Settings” folders. I finally dug around a bit more, and figured out that you can disable ‘Simple Sharing’ for XP. To do this, load an Explorer window, and go to Tools->Folder Options. Go to the ‘View’ tab, and scroll all the way down. Uncheck the ‘Use Simple Sharing (Recommended)’ option. After you do this, you’ll be able to share folders as usual (with full permission granularity and such), and you will also be able to access the C$ share if you log in as an administrator. Go Microsoft! (Yeah, that was sarcasm..)

One of my jobs at work is to help maintain our monitoring infrastructure. When I started, it was based purely on OpenNMS; we’ve found that it did not support what we needed for problem acknowledgement, outage scheduling, and various other routine tasks. I’ve supplemented Nagios, which I used extensively at a previous employer, and it’s working out well – it’s just quite a bit of work to maintain the config files, and there is a bit of a learning curve for people who haven’t used it before to learn how to configure it. However, I’m always interested in looking at new solutions, and the opportunity to demo a few recently came my way. One of my coworkers recently attended LinuxWorld, and saw that there were quite a few monitoring companies. He passed a couple of them my name, and asked them to contact me so we could take a look at their products. My employer is perfectly willing to pay hard cash for monitoring tools, if they have enough of an advantage over the open source products. Two of the companies have contacted me so far – IT Groundwork and Heroix. Both products are rather interesting. IT Groundwork is selling a suite of products based on open source solutions, backed by commercial support. Heroix is pushing their new “agentless” monitoring solution, which is called Longitude. I’ve gone through an online demonstration of each product, accompanied by my manager and one of my fellow systems administrators. Let me detail what I thought of each solution.

First, I’ll discuss my impressions of IT Groundwork’s product suite. They are using Nagios on the backend (which I like!), but have done a lot of work with it. They’ve added a database layer in the middle, where configuration and statistics information is stored (this is based on MySQL.) They have also implemented a totally new GUI for Nagios, with a more streamlined status viewer (you can see screenshots here), a web-based configuration tool with lots of support for profiles and such, and various other nifty tools. They have also open sourced the viewer and config tool, which is very nice! With their product, it looks like you can fairly easily set up syslog-ng (and various other tools) to submit passive checks, which will let you do all of your notifications through one interface. List price for the solution is $16,000 for a single monitoring server, plus $5000 per remote server to pass checks back, or for another server for a HA configuration. The price is an annual fee, and includes unlimited support and upgrades. However, if you do decide to cancel your subscription, you can keep the software.

After reviewing IT Groundwork’s solution, we talked to Heroix about their Longitude platform. The thing that intrigued me the most about their product is the fact that it is “agentless” – it monitors your boxes with standard programs you’ve likely got installed already. For example, Windows is monitored with WMI calls, and UNIX boxes are monitored via SSH. The platform looked trivial to set up, and the reporting options appeared to be very nice (although the people running the demo did have a couple issues with it.. I asked them how to create a simple SLA report showing the responsiveness of a web server over the last 10 days, and they weren’t able to figure out how to do that on the demo server they had set up. Of course, the people doing the demonstration were not the people that would assist on an actual install, so I don’t know how fair of a question it was.. I do think that I saw what was required to set up the report properly, however – it just gives you plenty of power to shoot yourself in the foot.) The biggest question I have with it is how hard it is to do custom checks. I asked many questions about this, and apparently, the only current way to do a custom check is to do some custom hacking on their Java code. They will do it for you (or a charge), or they can train you how to do it (also for a charge). This kind of frightens me — I really do prefer to be able to tweak my own monitoring system however I want, without having to be a Java programmer. I guess I’m spoiled with Nagios, and the ability to write custom checks in the language of your choice, and just tell Nagios what the results of the check were via a return code. In any case, Heroix is also rather expensive (list price, at least) – the base price is $299 per monitored server to just monitor the host itself, and do things like basic HTTP GET’s; if you want to monitor an application with one of their special Application Monitors on that host (such as Apache, Oracle, Exchange, etc), then it’s $599 for that license. For our situation (clusters of servers serving up identical content behind a load balancer – so *lots* of servers, plus a nearly identical setup at a disaster recovery site that needs to be monitored also), that just really isn’t reasonable at all – the cost would shoot into the tens of thousands of dollars in no time. The sales rep we talked to wants to get an idea of our network layout, however, and he’ll see what he can do – it sounds like they do have the ability to tailor pricing for your situation. Unlike the IT Groundwork solution, this is not an annual fee – if you want support (including upgrades), you just pay an extra 18% a year maintenance fee. The people we talked to are also going to ask around about some of my other questions (like the possibility of a Perl API to write custom checks), and should be getting back to me on that next week.

So, what monitoring system will we choose? I have a gut feeling that the answer will probably be the status quo of Nagios and OpenNMS, as the other solutions most likely aren’t going to offer any huge benefits for the price differences (especially when IT Groundwork is giving away the configuration and status viewer components for free!) Only time will tell, however!

[This page originally lived at http://www.natecarlson.com/linux/mimedefang-ldap-prefs.php. I am working on migrating all content over to WordPress, which is why this post exists. This document is mostly up-to-date; please leave a comment with any changes!]

This document describes how to set up my patches for Mimedefang which allow you to store per-user preferences for SpamAssassin in LDAP. If you run into any problems, please drop me an e-mail at ipsec@natecarlson.com

First of all, let’s go over some background info on Mimedefang, in case you’re not familiar with it. Mimedefang is a program that ties into Sendmail using the Milter API. It allows you to do basically whatever type of filtering you’d like in Perl. It has built-in ties to SpamAssasin, virus scanners, and many other useful programs. More information is available at the web site.

Note that the authors of Mimedefang do offer a commercial program called Can-It Pro! that integrates per-user preferences, per-user bayesian filters, and many other nice features with a slick web front-end. This is available from Roaring Penguin, at http://www.roaringpenguin.com. If you’d like per-user everything, with a nice management interface, check it out! My previous employer is also a Can-It reseller; if you’d like more information, their site is at http://www.real-time.com.

One of the weaknesses in Mimedefang’s ties to SpamAssassin are that there isn’t any good way to implement per-user preferences and such. SpamAssassin 3.0 and above has support for storing the preferences in LDAP or MySQL, so I figured it was time to try to figure out a method of having per-user preferences. Since my users are already in LDAP, it seemed to make sense to store the preferences in LDAP, so that’s the approach I took. This code should be easily adaptable to store preferences in MySQL instead, though.

Note that this code does not seem to work if enable Mimedefang’s embedded perl interpretor.

Now, to the code!

[ad name=”Google Adsense 728×90″]

Contents:
Download patch, rebuild Mimedefang
Configure SpamAssassin for LDAP preferences
Configure Slapd for LDAP preferences
Configure your mimedefang-filter to use LDAP
Add SpamAssassin Attributes, and test!
My TODO List

Download patch, rebuild Mimedefang

My patch to enable LDAP in Mimedefang is available from:
http://www.natecarlson.com/downloads/mimedefang/mimedefang-sa-prefs-ldap.patch

You’ll need to apply this to the root of the Mimedefang source, and rebuild and reinstall Mimedefang. The patch will also probably apply to /usr/bin/mimedefang.pl, but I haven’t tested that. If you’re a Debian Testing user, I have a deb package available at:
http://www.natecarlson.com/downloads/mimedefang/mimedefang_2.51-2.nc.1_i386.deb

This package is based on Debian’s Mimedefang 2.51-2 package.

Configure SpamAssassin for LDAP preferences

You’ll need to configure SpamAssassin to use LDAP as your preference container. I personally put the configuration in /etc/mail/spamassassin/prefs-ldap.cf. Here’s what I use:

user_scores_dsn ldap://ldap.server/dc=example,dc=com?spamassassin?sub?uid=__USERNAME__
user_scores_ldap_username cn=binduser,dc=example,dc=com
user_scores_ldap_password bindpw

You’ll need to create a user to bind to the LDAP server as, along with a password. I haven’t managed to convince SpamAssassin to do an anonymous bind yet; if you do figure this out, please let me know. This example will search for an entry with the attribute ‘uid’ equal to the username (passed from Mimedefang in the filter section below). Edit as needed.

Configure Slapd for LDAP preferences
You’ll also need to set up the schema for your LDAP server to support the SpamAssassin tag. Based on the sample documentation with SpamAssassin, I edited ‘/etc/ldap/schema/inetorgperson.schema’, and added the following:

spamassassin
see http://SpamAssassin.org/ .
attributetype ( 2.16.840.1.113730.3.1.220
NAME 'spamassassin'
DESC 'SpamAssassin user preferences settings'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

You’ll also need to add ‘$ spamassassin’ to the end of the ‘MAY’ entry at the end of the file. Once you’ve added these entries, restart slapd, and make sure you don’t get any errors.

Configure your mimedefang-filter to use LDAP

The next step is to configure your mimedefang-filter to use the new code.

My patch to the example config file is available from:
http://www.natecarlson.com/downloads/mimedefang/mimedefang-ldap-filter.patch

This should be pretty self-explanitory. Search for XXXXX’s for things you need to fill in (LDAP server and base). My example code will search the ldap server for the first recipient, as ‘mail=mail@domain’ and for just ‘mail=@domain’. You’ll likely want to replace the get_username_ldap subroutine altogether, depending on your needs. Be sure to test your config with ‘mimedefang.pl -test’, and then reload your config.

Add SpamAssassin Attributes, and test!

Once you’ve got all of the above set up, you should be set to go. First thing you’ll want to do is add some SpamAssassin preferences to the LDAP database. You want to add an attribute of ‘spamassassin’ with a value of ‘sa_config_option config_value’. For example, to whitelist mail from ‘user@example.com’ to your user named ‘nate’ in LDAP, you’d add the attribute ‘spamassassin’ with a value of ‘whitelist_from user@example.com’ to the ‘nate’ user. Then, send a mail through, and see if it worked!

My TODO List

• Write a web-based interface to modify user’s SpamAssassin entries
• Write better documentation, with more details
• Add support for MySQL preferences
• Document using Bayes in MySQL for individual users (it works, just have to config it)
• Lots more, I’m sure!

[This page originally lived at http://www.natecarlson.com/linux/sanyo-4900.php. I am working on migrating all content over to WordPress, which is why this post exists. The original post is ancient, but most of the comments still apply to modern phones and 3G plans.]

This document describes how to connect a Linux box to Sprint’s “Vision” (3G) network using a Sanyo SCP-4900 and the PCS Connection Kit USB cable.

$Id: sanyo-4900.php,v 1.17 2005/09/21 15:54:10 natecars Exp $

Background:
**NOTE**: I have not had my Sprint phone in over a year; I am now using T-Mobile’s wireless data service when I need it. It’s slower, but I like T-Mobile’s phones better. Sprint does also now state that you are not supposed to use your Vision service with a laptop unless you pay laptop prices, or they will cut you off. YMMV. People who have Sprint phones do tell me that the below still seems to work.

In my ever-lasting search for high speed wireless internet access, I decided to try out Sprint PCS’s new Vision service. They recently dropped their prices. For $40/mo, I’m getting 300 anytime minutes, free long distance, and unlimited ‘high speed’ (56-144k) data (this is the Vision service). The best part is that the data service is simple to get working with Linux – all you need is the proper USB drivers, and the knowledge to set up a PPP connection. The phone’s cost varies from free to $150 (depending on what deal you get). Sprint used to sell the data cable (with Windows software) for $69.99, but it’s no longer available from them. You can get it from Sanyo directly for $29.99, from https://store.sanyousa.com/osb/itemdetails.cfm/ID/74. Radio Shack and various other stores also carry the cable. I’ve also used the setup instructions below with a Samsumg A500 phone and the proper USB cable, which worked fine.

NOTE: There are conflicting reports to what exactly Sprint means by ‘unlimited vision’. Apparently, they have told some people that the unlimited vision is for phone use only, and does not apply when you’re using the phone with the USB cable. The USB cable solution was actually recommended to me by an employee at a Sprint store to start with, and I checked with two other Sprint reps that it was acceptable use before purchasing. I can also confirm that I have not been charged for any Vision usage, beyond the standard $10/mo, even though I have been using it via the USB cable. But to protect yourself, be sure to check with your Sprint rep, and make sure that this use is acceptable before doing it. If you end up getting billed for the usage, don’t say I didn’t warn you!

Some other sites that have information on Sprint PCS equipment with Linux:
http://www.tummy.com/articles/laptops/merlin-c201/

First Step: Make sure your kernel has the right options
To use the PCS phone, you’ll need to have USB support for the USB card in your computer, and support for USB ACM devices (CONFIG_USB_ACM). The kernel included with recent versions of both Debian and RedHat includes everything you need. Also make sure you have hotplugging enabled, so that the modules will be loaded automatically.

Second Step: Plug in the phone, and watch the drivers load
All you need to do is plug in your phone, and all the drivers should be loaded automatically. Note that I have had a few cases where I needed to reset the phone to get the USB interface to show up. When I plug my phone in, I see the following:

Nov 5 19:35:29 knight kernel: hub.c: new USB device 00:07.2-1, assigned address 2
Nov 5 19:35:29 knight kernel: usb.c: USB device 2 (vend/prod 0x474/0x701) is not claimed by any active driver.
Nov 5 19:35:33 knight /etc/hotplug/usb.agent: Setup acm for USB product 474/701/0
Nov 5 19:35:33 knight kernel: usb.c: registered new driver acm
Nov 5 19:35:33 knight kernel: ttyACM0: USB ACM device
Nov 5 19:35:33 knight kernel: acm.c: v0.21:USB Abstract Control Model driver for USB modems and ISDN adapters

Third Step: Create a dialup connection
Now that you’ve got an ACM device, you just need to create a dialup connection. Note that the ACM device name may vary – just search through /dev for the proper device. On my (default) Debian install, it’s /dev/ttyACM0. On RedHat 7.3, it’s /dev/input/ttyACM0. Once you’ve found that, the number to dial to get a connection to the Vision network is ‘#777’ (which is #PPP on the keypad). So, use whatever method you prefer to create a dialer that will dial #777. On my Debian box, I’m using the standard ‘pon’ scripts. Here are the config files I use:

/etc/ppp/peers/sprint:

# You usually need this if there is no PAP authentication
noauth
# The chat script (be sure to edit that file, too!)
connect "/usr/sbin/chat -v -f /etc/chatscripts/sprint"
# Set up routing to go through this PPP link
defaultroute
# Use remote DNS
usepeerdns
# Default modem
/dev/ttyACM0
# Connect at high speed
230400
local
novj

/etc/chatscripts/sprint:

TIMEOUT         5
ABORT           '\nBUSY\r'
ABORT           '\nERROR\r'
ABORT           '\nNO ANSWER\r'
ABORT           '\nNO CARRIER\r'
ABORT           '\nNO DIALTONE\r'
ABORT           '\nRINGING\r\n\r\nRINGING\r'
''              \rAT
TIMEOUT         12
OK              ATD#777
TIMEOUT         22
CONNECT         ""

So, I run the command ‘pon sprint’ (if you’re on RedHat, try running ‘pppd call sprint’), wait a few seconds, and then start surfing. If you have problems with the above script not working, please try the script below (Thanks to Matthew Brichacek for the info):

TIMEOUT         5
ABORT           '\nBUSY\r'
ABORT           '\nERROR\r'
ABORT           '\nNO ANSWER\r'
ABORT           '\nNO CARRIER\r'
ABORT           '\nNO DIALTONE\r'
ABORT           '\nRINGING\r\n\r\nRINGING\r'
''              \rAT
TIMEOUT         12
OK		"ATZ"
OK		"ATE0V1"
OK		"AT+IFC=2,2"
OK              ATD#777
TIMEOUT         22
CONNECT         ""

Here in Minneapolis, I generally get ping times of 300-500ms, and download speeds of 7-12kbytes/sec. Not bad at all, considering it’s a connection I can take with me everywhere I go! Note that Sprint also gives you a (dynamic) public IP address, where the rest of the wireless phone connections I’ve tried have been NAT translated. This service works beautifully with FreeS/WAN as a VPN Client. Well, hope this has been helpful.. good luck getting your connection up!

If you have any comments on this document, please feel free to drop me an e-mail at: natecars@natecarlson.com. The contents of this page are freely distributable, as long as a link is provided to this page.

I’ve done what I suppose you could call a “redesign” to the site; it still looks about the same (except for the border around the pages), but it’s now entirely based on CSS, instead of using a kludge of CSS and tables. This should help those people who have had problems getting my pages to print. I’ve also updated the theme for the blog; it’s now based on Equix, and hacked up to no end. Now, to create a theme for the photo album…

Switchfoot’s new album shipped with (weak) DRM on the album media – it’s that Sony “DRM” that installs a TSR under Windows that prevents you from ripping the album. Apparently, though, the band was very upset with the fact that DRM was included, and has posted a guide on how to get around the DRM. I’m glad to see a band standing up for the rights of their fans. I’ve been a fan of Switchfoot for quite some time, and I’m really glad to see them doing things like this. Now, if they will just drop Sony, and get a distributor that will let the band dictate what’s on the album..

I’ve got the new backplane installed in the PowerVault 660F array. It sure was interesting to install – have to pull the entire array apart to get at it. I did find out that almost all of the weight is in the components – the actual casing for the array is light as a feather. Interestingly, after performing the swap-out, Dell’s OpenManage Array Manager software can no longer talk to the array, however, the storage manager from LSI Logic that runs under Linux still sees it just fine. I still need to figure out how to reset the service tag on the new backplane.. Array Manager is supposed to take care of it, but well, it’s not working! In any case, time to throw some data at Controller 1 again, and see if it goes *boom*..

Update: Been running Bonnie++ across both channels for the last 12 hours now; this would’ve generally been more than enough to crash it before. I’ll let it keep running the next couple days, and hope for the best..

Update #2: It’s been about 36 hours now, and still no crash… looks like Dell might have actually gotten the problem fixed! Considering we’ve replaced every component but the actual array itself, the power supplies, and the fan trays, I would hope that this fixes it.

I took a quick look at my stats today, and was shocked to find that Firefox had finally passed IE for the most-used browser. That rocks! It probably has a lot to do with the fact that most of the stuff on this site is for geeks, but still, it’s cool. Current top browsers are Firefox (40.49%), followed by IE (26.35%), and Konqueror (my current browser of choice) at 5.82%.

Openswan 2.4.0 has been released. Three biggest fixes:

• NAT-T support for KLIPS on 2.6 (Sponsored by Astaro)
• Additional Cipher support with KLIPS on 2.6 (Sponsored by Astaro)
• Fix for NAT-T/PSK rekey (Ulrich @ Astaro)

KLIPS on 2.6 should be big.. once they get it fully working on 2.6.13, I’ll have to give it a shot.

I installed WordPress last night, and added a link for the blog to my main page about an hour ago. Already I’m seeing requests from blog syndication services – wow! Various user agents that I’ve spotted: Blogslive, topicblogs, BlogSearch, Technoratibot, and Feedster Crawler. I have no idea how they found it so quick!

Update: I figured out that WordPress (the blog software I am using) automatically sends an update notification out when updating a story. That’s how they are all finding it. Ah well, still cool!