Naahhh,

There are people out there who still believe security is an overrated issue not worthy of their time. “There are more important issues” (disclaimer: I work for an IT security firm?)

Zero in a bit’s article: MBTA Hack shows security hasn’t improved in 10 years reminds us that IT security in the broader context of society, can be a life or death situation. I may not care about your losing money, but I sure as hell care if your security failings can cause me loss of life, limb, and/or liberty.

Zero in a bit references hacks that can literally ‘stop your heart.’ Which draws us to other examples of security failings that can be disastrous. I sure don’t want the Rail System I’m running on hacked, they’ve got computers all over the network (i.e. in every suburb they have a train station) and you can just imagine the day when someone plugs in a wireless modem onto one of those desktops and gives some hacker direct access into the Rail Information System.

I’ve got enough problems with the current timetabling then to have some hacker running the system as if it’s their private train-set and trying to crash the trains together.

Continuing the medical security scenario, we are reminded that software security isn’t just about protecting the “system” from outside interference, in its holistic sense, software security is about protecting the software from itself. We don’t want to be sitting under an X-Ray, Laser cutter when the machine has a buffer overflow and decides to give you 10x or 1000x dosage. Wait, that already happened.

Took off my jacket @ Newtown station because the night air, though chilly, was warm enough for only a single ‘jumper/cardigan.’

Train gets in, I get on, and immediately have to put the jacket back on. Geez the train is freezing.

But let’s just blame the State Government Owned, and Operated Railroad operators for the continuing incompetence. Or, better yet, let’s blame the lackey worker who has to put in double-shifts and isn’t allowed to question the efficiency of the network. After all, the current government (State) has only had 10+ years running the show, they haven’t yet completely put their buddies into all posts in the organisation.

The previous government really screwed things up when they sacked all those incompetent managers and replaced everyone. 10 years is about minimum to get our buddies back into the system and totally screw the populace.

Democracy, the NSW freedom to ‘game’ the system so you can legally screw people!

With the right amount of money, what is the ‘real’ difference between democracy and dictatorship?

My sister-in-law suffered sadly for beauty on Saturday, then spent Sunday coiled up in front of the television keeping warm (supposedly) or was that not going to church so she could watch movies.

It seems a sad maxim of the ‘civilised society’ that so many link their self-worth to their exterior outlook, or just as sadly the number of brand things dangling.

Too sady, too true.

As I continue my mundane, but necessary, rituals of getting up in the morning slogging the way to the train station to get to work and back it’s good to be reminded of the mortality that is life. Lu’isa Tae Kami passed away over the week-end and having lived her life to the max, in such a short time, she’s given those around her a great opportunity to reflect on their own mortality, and purpose in life.

16 August 11:40pm... Gone Home...

Tae passed on in her sleep at 11:40pm this evening. She mentioned this morning she might be gone by midnight and kept her word. Heaven must be buzzing as she flies through its gates new body, new heart and spirit intact.

She has asked that the theme for her service be taken from the Bible -  Romans chapter 8 - "the whole chapter". Tonight I can only think of the verse: All things work for good for those who love the Lord, who are called according to His purpose...

You can follow the celebration of life, funeral proceedings on the above page. You can also find out a heck of a lot about her journey from the site, and on her Bebo page.  Included in the links on her Bebo page should be heaps of videos from all over the place (including Tonga and NZ Television) documenting her life and her influence on the Tonga and Pasifika communities.

Our thoughts and prayers go out to Taholo and Sina, siblings and the rest of the clan and very very extended family from Tae’s ‘family.’

Tae’s journey with cancer has been draining and fullfilling for her immediate family and a new extended extended family that have grown out of her needs but especially because of the composure and faith she has shown “forged in fire.”

Walk on Walk Strong Tae, and may we meet with you again.

Rail travellers are used to private papers hawking themselves for FREE espousing some agenda (I don’t know because I don’t read it often enough) providing quick, short term entertainment and presumably paid by advertisers.

This morning we were greeted at the gate to Bankstown Rail by a hawker giving away free Daily Telegraph rags, wow. Everyone at the station seemed to have a copy, whilst other stations didn’t have travellers getting on loaded down with the paper.

Kudos to the Telegraph for trying to get their message out. There used to be a reason when the regular print press would give away free copies, but this time around I’m mystified.

Of course, my dad religiously buys the paper so they’ve wrung their litre of blood from our family.

Dad’s rugby fanaticism hasn’t spilled over to buying the “the official” paper for the NSW Rugby Team – Waratahs (one of the sponsors being the Sydney Morning Herald www.smh.com.au)

Some people have their act together, and the abstracts have come out for the up-coming Talanoa Conference. Some of them sound really interesting, and some of them a just ‘interesting.’

2008 Conference
Mana, Vanua, Talanoa
Abstracts  Out

Pauline Luafutu-Simpson (Pauline.Luafutu-Simpson@nzca.ac.nz) and Sam Utai,
“Standing outside the tick boxes”
This presentation will examine the changing face of Pasifika communities – 'Christchurch'  perspective. It will be based on a framework/model we developed to help us articulate  what we saw evolving within our Pasifika communities and the young Pasifika people we were working with that either stood on the periphery of both mainstream and traditional Pasifika communities - in fact in double jeopardy

‘Epeli Taungāpeau (epeli.taungapeau@paradise.net.nz), “How can I be Tongan in a
strange/promised land? Cultural and Theological Diversity in the MCNZ”
      This paper outlines the social and religious issues of a “TALANOA” that most Pacific Islanders especially Tongans who have migrated overseas and made their home in  a foreign land face in life.  Although the talanoa are not new, it is important to revisit  these experiences to identify key reference points that impact on the lives of the individual in the context of their family and how these factors will ultimately shape and
inform how Pacific Island migrants fit in their new society.

      There are several factors that influence an individuals talanoa including social location, identity, dreams and aspirations and the integral place of faith, tradition and custom, life experience and the bible. This Talanoa outlines the journey to Aotearoa, of a young nineteen year old Tongan male accompanied only by the talents, gifts and identity and the discovery of the means to fulfill a dream by pursuing the enhancement of
educational success in NZ.

      This talanoa explores the “call” to ministry in the Methodist Church of New Zealand  and the importance of faith and tradition in the process of migration to the land of the  Long White Cloud – Aotearoa New Zealand. It discusses several issues that Tongan  people who are members of the MCNZ encounter within the Church and the solutions.
      The commonalities within the talanoa provide useful tools for the church’s people to explore the development of durable options/solutions and illustrate a possible way forward when working with Tongan families in the Methodist Church of New Zealand. 

I had hoped that that Sonny Bill William’s saga would have died away by now, but I guess it just wanted to have as many people push across their own agenda items. Sonny Bill Williams (SBW) is an incredible high profile athlete who played Rugby League in Sydney for the Canterbury Bankstown Bulldogs. My son’s team.

In short, SBW left in July for France, breaking an existing player contract (with lot’s of money) to go to France for even more money. The bigger story is more complicated, otherwise the ditched club and industry (CB Bulldogs, Australia’s National Rugby League) wouldn’t be spending heaps of money on lawyers to try and prevent SBW from playing in France.

Apart from the legal jurisdictional, sovereignty land mines with this law suite, you have to wonder how real this effort is in suing someone to come back and play for you.  How is that to work? Supposedly SBW will be forced to come back and play with the CBB, and he is supposedly going to run on the park every week-end putting in his best because he has been shown the LOVE by his club.

Breaking Contract.

I’ve heard some flawed commentators (former players) going on and on about how vile this whole thing of breaking his contract. All while forgetting their own high profile, press covered, contractual fights where he and his employer reneged on a number of contractual details.

Contracts are for the benefit of the guy/gal with the biggest stick. Unfortunately for the NRL, SBW spewed in their face and put himself a distance away where he hopes the NRL’s big stick can’t touch him.

You really have to watch “The Legend of Johnny Lingo” to get a Pacific view of what contract negotiations should be, as opposed to the bastardised system it is now. It shouldn’t just be a Pacific view.

Differences

If you are running a Million/Billion dollar organisation, such as the the NRL or Australian Rugby Union (ARU) and are dependent on Pacific Islanders as part of your product, then I think it behoves you as a business to get a better understanding of your product.

If in Australia and you manage such a corporation and you’ve never been to a Kava Party, or a Hangi, a Pacific Wedding, or a Funeral, never seen at least “The Laughing Samoans,” or “Sione’s Wedding,” or God forbid you’ve never seen “The Legend of Johnny Lingo,” please don’t even assert that you have any idea about your Pacific bread.

If you’ve not gone to church with a Pacific Islander, you’re never going to understand the social binding integration of Pasifika.

Recent high-profile (huge money spinner) moves by ‘Isileli Folau at the Melbourne Storm moving to Brisbane, as well as Digby Ioane moving from the Western Australia Force back to Brisbane should have rung bells in the hallowed halls.

Islanders aren’t whites, they’re not blacks, they’re not like your other products. They’re loyalties and frames of reference are different.

In New Zealand the whole Islander thing was forced on the white culture by the gangs, and has evolved into a deeper cohesion between the different cultures. Of course, people being forcibly moved from their land may some day display anti-social behaviour and in retrospect you’ve got to consider the Maori and Samoan response have been quite civilised. In Australia, minor cultures are easily subverted and/or ignored.

Move On

The SBW saga highlights a number of shortcomings in the existing entertainment industry using athletes.

Either the industries learn from it and deal with it in a constructive manner or things are going to get from worse to worse.

The Pacific Islander issue needs to be reviewed and dealt with, that’s one way forward. This has always been a problem brushed under the table in Rugby League and increasing in Rugby Union.

Avoided it for a couple of hours, but after looking it up it wasn’t that hard after all.

Summary:

I needed to connect to a client’s broadband modem to do some maintenance. Unfortunately we’ve set the client up such that administrating the modem is only possible ‘from inside’ the client’s side of the cable modem.

The 2nd problem is that the modem is administered through a web interface so the question is, how can I securely get Internet Explorer to connect through a machine on the inside back to this modem ?

In fact, only one machine on the network can access the modem.

I was side-tracked with another problem using tunnels, but the solution for this particular scenario was relatively simple.

ssh –L local-port:modem-ip:modem-port internal-host

local-port is the port on my local machine that I will point the browser to (for example: http://localhost:local-port)

modem-ip is the IP address for the modem, from the internal-host. For example, a non-routeable/private IP address such as 172.16.11.1.

modem-port. The port on the modem where the web interface is listening. For example 80 or 443

internal-host is the Host inside the network to which I can jump to from the outside (usually a machine with a public-ip)

ssh –L 4321:172.16.11.1:80 host.example.org

I can access the modem by starting up Internet Explorer and using the address http://localhost:4321

ssh –L 4322:172.16.11.1:443 host.example.org

I can now access the SSL secured interface by using the address https://localhost:4322

Using the above scenario you can supposedly daisy-chain (connect from one server to the next) by having multiple terminals making one link to the next.

There’s also some ssh fu where you can chain from one machine to the next to the next on a single command-line, but we’ll leave that for another day.

Was having some serious problems with my music collection on the phone and after a couple of days of fiddling here and there I pulled the MicroSD out, plugged into the Laptop and …

Format solved the problem.

Before formatting the MicroSD I took a look around and sure enough there was a directly with a funny label implying that it was used by my phone for something, and the files inside that directory was full squiggly funny little characters (hint: good indicator of a disk corruption)

I wanted to trash the disk anyway, for a clean slate set up.

The problems I was having were Windows Mobile Pocket Edition (whatever version) would index my music 1,000+ songs, but I couldn’t get a song listed at all. Meanwhile, if I open the file by double-clicking it in Explorer it would happily play the song.

The 2nd problem, when I listed the categories/genres it would have some old genres that I had long excommunicated from my desktop. Deleting the music files and re-copying the music hadn’t helped, so there was obviously a collection of knowledge somewhere else storing this old outdated information.

I guess I could have just deleted that “metadata” folder, but while I was there, it was just as sweet to wipe the whole thing and feel refreshed with the new start.

The phone really is a computer.

Solution #1. Reboot

Solution #2. Format

I know people have been rebooting their iPhones, I wonder how you wipe stuff ?

I’m tickled happy I got a phone that supported microSD storage, I bought and 8GB card to go with my 2GB (which O4 got for her phone) and the 1GB stick that came with the phone. 32GB has been publicly announced (the design limit for this particular phone.)

I can upgrade by just buying a card, too cool (obviously waiting for the price to be practical, and my collection to become unmanageable.)

Woo hoo, built my first box in aeons.

Been playing with various bits and pieces at work trying to piece together at least another functional box. Sometime later we decided that we needed a new box and we would look at reusing as many components from the trash pile I was playing with.

Unfortunately, bits and pieces of the trash pile was working, but together there was no ensemble. We decided to get new bits for the parts that looked like were dead and yesterday was my turn to put the bits together (and pray I don’t fry anything.)

I think the last time I actually had to put a box together from scratch was back in 1998? As I recall we had a bum machine at QSC and had to get the motherboard from Australia(?) Ever since then I’ve basically had some under my wings that I told to read the Taiwanese documentation and cable the box together. Of course that was an experience in itself in finding ports not working because they just weren’t wired up.

Anyhow, a relative newbie and not wanting to ever open this box again I made sure every lose wire got plugged into something even if there was no likelihood that it would ever get used. Double checked the bits I couldn’t figure out with our resident hardware dude, crossed my fingers and pushed 240v into the machine.

Poof, no-sound, nothing! Woo hooo, go software dude. In the distant pass, when computers don’t power up, and you’re somewhat certain that the power supply works fine, pull the PCI boards out and see what happens. So, pulled out a few boards and voila machine sings beautifully.

That wasn’t too bad, now was it?

What are you using?

I was on the phone helping out a client with one of their machines when he asked,

What are you using ?

…

I’m using Ubuntu now, and it’s much better now. I’m never going back.

Apart from using two laptops (one Vista the 2nd Ubuntu) what I’m using more and more these days is my HTC Touch II, a Windows Mobile phone.

I really wanted a phone with a good Media Player, because using Public Transport for 3 hours each day really sucks when you can’t find something productive to use with that time.

Strangely enough, I really don’t use the Media Player for much entertainment consumption (also known as, I have more music on the phone then anything else, but I mostly use the Media Player to listen to Podcasts.)

Apart for the standard phone features (taking a call, making a call, using the phone book/contacts) a feature of the phone I check every day, is the little weather app. It’s just a ‘rich’ client that connects on demand to some weather website and gives me a sweet summary of weather forecasts for Sydney.

Weather Forecast for Sydney? It’s cold, and staying cold.

The HTC Touch II is heaps slower than the iPhone, and doesn’t have the gazillion apps touted for that platform. But there seems to be a gazillion apps for Windows Mobile out on the Internet, there’s just not a single repository for finding them so you have to have some serious Search Fu to find them.

I’ve updated my touch to the current Windows Mobile 6.1 platform thanks to the community out there, and am looking at a few apps for their usefulness for my experience.

So, I’m sitting here on the train when some punk (yeah, yeah, just a little envy) gets on the train, see’s me showing off by having my laptop out and catching up on some good old news feeds (so I can spend the time at home with the kids instead of catching up on static news.)

He sits down and pulls out his iPod Touch.

OK, coool, he’s bopping his head up and down and “having a good time” although the sound leakage from his earphones either means his blowing his eardrums or it’s leaking sound badly from not being a good ear-piece.

“Hello? Yeah, I’m on the train to Bankstown. What? You want me to get out? OK, Cool”

Whoaaa, his eyePod works as a phone?

Now, he’s got me curious cause I haven’t seen an iPhone version 1.0 in Australia so I’m trying to discreetly peak at his iPod(phone) while he’s trying to be discreetly having everyone notice him? (Remember there were quite a few sales of the iPhone 1.0 in Tonga so we’ve seen it around.)

He’s bopping his head up and down, polishing his iPod(phone.) Looking at the side of his iPod, it is definitely slimmer than the iPhone’s I’ve seen. Hmm, definitely a metallic silver back, so it’s either an iPod or an import iPhone.

This story would be sad if it weren’t such a lark.

So, I pull out my el-cheapo Nokia 6300 and call O4. Ha, ha ha, I wonder if he’s going to call someone else with his iPod phone, 8-)

Had the misfortunate to not hear the announcement that the train had rerouted, and found myself on a ride to woop woop (a term for nowhere, as in the middle of woop woop.)

On the frequent occasion when the trains are running correctly, I board and ‘alight’ at Bankstown Station (part of the Bankstown Line) shown in the diagram as a dark orange shade. Getting on at Wynyard Station the sign post said Bankstown line, and the announcer said Bankstown line (the deep orange lines on the map) but we ended up on the dark green line, taking a peak hour shortcut on the dark-green tracks.

We went from the standard route Museum –> Central –> Redfern –> blah blah –> Beverly Hills ? Where the hell are we going ?

Anyhow, since continuing the ride to further woop woop was a guarantee of having no idea of when I was getting home, I decided I better get off the train at the next stop (together with another load of people.) I guess people getting on at the last station knew where they were going and the poor sods like me had no clue.

Anyhow, we seem to have had an express to woop woop, and I only got on the slow train back to civilisation, because I was routing through the “Airport Line.” Wow!! That’s some serious tunneling.

A number of years back, after decades of government promises, someone actually got a rail line to go through to the city’s major domestic and international airports. The airports look spartan and very modernish (like the New York City Subways on Planet of the Apes) but the real cool thing was just watching that tunnel go for ever and ever. That was one huge tunnel trip (presumbly because by the time someone actually decided to get the work done, the whole place had homes on them so the only way was to go underground.)

Mind you, if I don’t see that wonderful specimen of human perseverence, I’m sure I wouldn’t feel the worse for it.

I guess the lesson to be learned here, is don’t trust the signs, check things along the way and have a packed lunch in your bag for those days you really end up in the middle of woop woop.

The day didn’t start off to well when I made that mad dash for the train, to realise I’m on a different schedule today, don’t go straight to the city, get to the coffee house first.

In some forgotten point during the age of cavemen clubbing each other on the head to make a point, some social nazi decided that it was critical for the organisation of the community that new members be introduced through stages of ‘conditioning’ into the norms of the society. In the 20th century, the induction process is variously called by the Greek Fraternities as “hazing.”

It may even be illegal in some quarters, but who is going to get in the way of social unity, and progress ?

Mr. Dave put me through Nullcube’s rigorous induction process, with the simple line.

How do you feel about walking into town?

Scum bag!!

We had our pow-wow session early Monday morning before heading into town for some real work (i.e. non-administration stuff.) “How do you feel about walking into town?” I shoulda clobbered him on the spot then.

Mr. Dave cut a quick march ‘clip’ for us from our Newtown HQ (ha ha ha, HQ is the fanciful term for where our base toilets are located 8-) and off we went. Ho K, he’s decided that we don’t need to grab a cab and then comes up with a fanciful reason for why getting a cab into town wasn’t a good idea today (the 2nd opportunity where I shoulda just clobbered him.)

He’s doing good, ‘cause he’s into this walking thing and makes the farcical attempt to get to the gymn every now and then. Mind you, I haven’t done a long walk like this for a long long time, like 1999!

The distance we’re walking here is probably akin to walking from Tofoa into town, which isn’t a bad walk, unless you have some hee bee jebee fitness fanatic pushing the pace, and you hit Broadway (less than half way to our destination) and everything’s on an incline (the wrong way.) Google Maps estimates the distance at 3 miles.

There is a great mythology amongst the Apple fanboys that Microsoft doesn’t understand, Linux isn’t up to standards and Apple products

Just work.

It must be the work of the delusional to always come across problems to the contrary and yet still tout your religion. So, a whole heap of people are having problems with all sorts of aspects with the Apple iPhone launch, but fanboys will propose that it’ll get fixed quickly, whereas if anyone else had that problem there would have been all sorts of noise about how crappy that platform is.

Fanboys unite in your delusions.

I still love that Air Con quote. Insanity is working for fifty years to find yourself in a nursing home where you can’t do a piss without having someone pull your daks down, or something to that tune.

Joel Spolsky reminds us of a business idea that comes other of the former Digital Equipment Corporation (DEC.) The discussion could be summarised as:

Administration is about keeping the lights on, not telling other people what they should do.

If you want to propose something, you own it, your tender it and get it out. Have the courage of your convictions, and take responsibility for your mouth.

Wouldn’t that be an ideal world?

Obviously, either the advice was not completely understood by DEC management, or it is not in itself sufficient for success (otherwise DEC the pioneer computer systems integrator, would not have been swallowed up by a PC box mover Compaq Computer Systems to be later swallowed again by HP.)

OK, I’ve been playing around with trying to get something to replace Microsoft Outlook for handling my “lists” of things to do, and calendaring would be nice.

I’m leaning very quickly at just getting back to using Outlook for the next six months.

My favourite potential replacement is Chandler from the http://www.chandlerproject.org. Unfortunately, it will randomly choose not to let me enter a new task/event. The data seems to never get lost between app restarts, reinstalls, but its very annoying not to be able add new “issues” which basically means I can’t trust the thing as a daily planner et. al. replacement.

It is rather slow to start up, but that’s one thing that you learn to accept when trying out replacement software (i.e. not critical at this point of assessment.)

Chandler has this nice GTD (Get Things Done) gui enhancement, which is neat although I wish the auto-sorting feature could be tweaked a little more (for example, if an event isn’t going to happen for a week, I don’t need it on my screen displacing other events that are going to happen sooner.

Chandler has a nice feature for synching your everything through their hub, or you can have your own server hub. This is way cool, and supports synching more than just your calendar (which is why I prefer this type of solution to just having Google Calendar)

The big Open Source Momma Personal Information Manager (PIM) replacement Novell’s Evolution has a near current Windows port, but it is dang slow. My hour on the train is over and the thing is still starting up.

I’ve started it up a couple of times, and I’m sure if I had 64 bit Windows with everything cached on a 12GB Ram machine, it might be faster (or normal startup speed for everyone else.) i might try colinux or andlinux and that might be a better solution.

But I can synch my Outlook with my phone. My phone has been out of date for the past 2 months as I have vainly attempted to get rid of Outlook.

Wax On!!

Bankstown *27.12.04
Originally uploaded by itsjames460

Tonight’s home run using the City Rail train service was another adventure with public transport in Sydney. When you live in Sydney the whole Public Transport Service is just one big adventure from day to day.

It’s not so fun an adventure when the weather is drizzly and cold.

I was on the 6:20 run from Town Hall Station to Lidcombe Station via the Bankstown line (although I catch this train from Newtown.) We were almost half-way home when we were all called out of the train because of some 'technical fault.'

We were dutifully told by the droning Public Address system that “the next train” will be departing from Platform 4. I guess you have to spend years on the rail system to realise that when they make statements like that, it is actually a subtle queue to get your fuber out of the train and move it to another train.

Many, it’s amazing how many people can fit on a train hauling eight passenger cars. It was enough that walking towards the stairwell to get off the platform, to move to the next platform, the queue slowed to a crawl half way to the stairs.

Don’t we all look like mindless cattle being prodded through the gates for the slaughter. Not totally mindless, but obviously resigned to our fate, we queued together to get to the bottom of the stairwell, and 4 people across made our way to the top of the stairs. To queue across the bridging platform, to queue down the next stairwell to get to the “Platform 4.”

Unfortunately Murphy’s law struck early, and the mindless cattle had already beaten us across and were already waiting on the platform. The mindless creatures, poor things, marked their territory right around the stairwell. This although laudable in the animal Kingdom, is quite inefficient.

We had probably 200 people still streaming through to the platform, and people were crowding around the entrance to the platform. When the train turned up (and the rest of us were still not on the platform) the push started by the people already on the platform, so the rest of us had to wait for things to clear a little before we could get on the platform to try and get on the train.

People were trying to press themselves into sardines in the nearest rail car, whilst the poor rail cars at the far end of the station stood quiet and with empty chairs.

Thankfully the rail strike that was rumoured for next week has been cancelled (let's just hope the trains aren't also cancelled.)

Forget the “It’s moments like these you need Minties,” It’s moments like these you need good deoderant.

Had my first session of validating firewall rules on Monday and Tuesday, wohooo that’s an experience. My previous installations were of small systems, so I have previous experience in ‘drafting’ the firewall rules, putting it in and letting it go live. Testing and validating the firewall essentially meant sitting there in front of the firewall server and watching traffic, tweaking issues as they became known.

Firewalls are the quality of the walls between buildings. The higher grade your firewall, the higher probability your building isn’t going to burn down, should the building next door go up in flames.

The quality of the construction material of your firewall is just part of the toolkit for minimising danger to your building, you also need to ensure that there’s no open passage for the fire to enter your building while avoiding your firewall barrier. One building that went up in flames had a decent firewall, but they had large ventilation shafts between the building and the next building, leading directly to highly combustible material. Fire from the adjoining building spread into our building through the ventilation shafts and the building came down, while the firewall held firm.

The burnt building looked like the aftermath of a bombing, the inside collapsed in soot while the firewall stood alone.

Lesson 1: Physical firewalls have the same limitations as their electronic / communications firewall counter-parts. They are only as good as the material their built with, and the ventilation shafts between your side of the firewall and the next.

Unless you want to burn your firewall to test it, the general idea is to test the materials and the process of producing your firewall.

With our computer firewall firewall, we have existing best practise procedures for designing and building the firewall, and we’re now in the stage of testing the “ventilation” shafts built into our firewalls to validate whether the rules we’ve set up for what to allow in and out through the ventilation shafts behave as we expect.

I haven’t heard of any automated tools for doing the testing, so if you’ve heard of one please do tell us.

At the moment the process of testing the open ventilation shafts (in computer speak “open ports”) is to set up a simulated network on either side of our firewall and generate network traffic trying to get through the firewall in both directions. Unfortunately, the generated cannot be purely random, each “open port” or “potentially open port” has to have a specific test.

Unless you have the money, you can’t really duplicate your live network in this test environment, so you end up spending a lot of time doing the network configuration dance, continuously readjusting your various test machines to simulate other machines and providing different services as well as simulating trying to get through the firewall to the other side.

Lesson 2: You really want a set of command-line tools for doing this. Windows greater user-feedback (GUI?) is nice, but it can really use up your time when things don’t work as expected (and how often is that the truth in a test environment.)

This is when it’s good to have several machines on an independent set of networks (i.e. at minimum you’re testing the firewall with two networks) but just as importantly several monitors, keyboards, and a cool smooth swivel chair to spin around in.

Don’t bother doing this using terminal/ssh connections, that is just a recipe for frustration and avoiding configuration options you need to consider (because often enough changes you need to do will throw you out of your terminal/ssh session)

Lesson 3: Physical hardware is way cooler than the virtual world on its own.

Most of what we tested only needed testing a direct connection to the server, but our last test before quitting for the day last night was to test whether a connection from a connection would go through on a virtual connection (VPN.) Woo hoo, that wasn’t easy, but it wasn’t as hard as initially expected (since we’d done similar stuff previously.)

If you’ve got almost the cash, where you can’t afford a full simulated network, but can afford a good size beefy duo of machines for either side of the simulated network, then you would probably go with using a network of virtual machines on either side of your firewall. Now, that would be way cool, but I don’t think my laptop is beefy enough (yet)

Oh yeah, my preferred firewall ? OpenBSD with PF, of course. For user VPNs, I’m doing pretty good with installing OpenVPN.