April 10, 2007

On a Netscreen 5 using the Home–Work port mode, Home cannot talk to Work.
You cannot change or remove the rule that denies traffic from Home to Work. You cannot add an exception that allows some traffic from Home to Work. If you try to change the rule, you get a less than helpful error:
set policy from "Home" to "Work" "Any" "Any" "ANY" permit
unknown keyword Any
I'm aiming for a setup where I have separate networks for public services (Web, Email, DNS) and management/private services (SSH, LDAP, Syslog) with a firewall in the middle arbitrating access.
The general public should only be able to access public services on public service machines.
Public service machines should only be able to access services that they need on private service machines.
Private machines need full access to public machines for service monitoring (Nagios and Cacti/SNMP.)
So it turns out that I cannot use the Home–Work port mode because in some cases the public network needs access to the private network and the private network needs full access to the public network.
Tomorrow I'm going to try Trust–Untrust port mode with a secondary IP on the Trust interface for the private subnet and Intra–zone policies to control communication between the two subnets.
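One way to express the three requirements above in Trust–Untrust port mode, written here as an added example that is not from the post or from Juniper: the public subnet is the primary IP on the trust interface, the private subnet is a secondary IP on the same interface, and intra-zone blocking makes trust-to-trust traffic subject to policy. Addresses, object names and the choice of predefined services are assumptions; check the exact keywords against the ScreenOS release on the box.

```screenos
# Added example, not from the post. Addresses and object names are assumptions.
# Public servers live on the primary trust subnet, private servers on a
# secondary subnet of the same trust interface.
set interface trust ip 192.168.1.1/24
set interface trust ip 192.168.2.1/24 secondary

# Make traffic inside the trust zone subject to policy; without this,
# intra-zone traffic is passed without being checked.
set zone trust block

# Address objects (one per host) and groups for the two tiers
set address trust "pub-web"     192.168.1.10 255.255.255.255
set address trust "pub-mail"    192.168.1.11 255.255.255.255
set address trust "pub-dns"     192.168.1.12 255.255.255.255
set address trust "priv-mgmt"   192.168.2.10 255.255.255.255
set address trust "priv-ldap"   192.168.2.11 255.255.255.255
set address trust "priv-syslog" 192.168.2.12 255.255.255.255
set group address trust "public-servers"  add "pub-web"
set group address trust "public-servers"  add "pub-mail"
set group address trust "public-servers"  add "pub-dns"
set group address trust "private-servers" add "priv-mgmt"
set group address trust "private-servers" add "priv-ldap"
set group address trust "private-servers" add "priv-syslog"

# 1. The general public reaches only public services on public machines.
#    Anything else from untrust falls through to the default deny.
set policy from untrust to trust any "pub-web"  "HTTP" permit
set policy from untrust to trust any "pub-mail" "SMTP" permit
set policy from untrust to trust any "pub-dns"  "DNS"  permit

# 2. Public machines reach only the services they need on private machines.
set policy from trust to trust "public-servers" "priv-syslog" "SYSLOG" permit
set policy from trust to trust "public-servers" "priv-ldap"   "LDAP"   permit

# 3. Private machines get full access to public machines (Nagios, Cacti/SNMP).
set policy from trust to trust "private-servers" "public-servers" "ANY" permit

# Explicit intra-zone catch-all so the two subnets cannot otherwise talk;
# logging it shows which flows the tighter rules above are still missing.
set policy from trust to trust any any "ANY" deny log
```

Policies are matched top-down, so the trust-to-trust deny has to stay last; review the order with `get policy` after adding rules. Traffic from either subnet out to untrust is not covered here and is governed by whatever trust-to-untrust policy is already on the box.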
March 08, 2007
My iBook took a tumble off of a stack of Total Control 1000s yesterday and cracked the screen frame.
My previous iBook fell off my dorm bed and cracked in the same place. I was able to replace the frame and it eventually died of the G3 logic board bug. I think the screen frames are the same, so I'm going to try replacing the frame with one from my G3.
While it may be asking too much for a consumer notebook to survive falling three feet onto the steel plate at the base of a telco rack, all my non-iBook laptops have survived much worse.
I suspect the magnesium frame used in the iBook is too brittle and can't handle the shear stress next to the hinge.
Prior to the iBooks, I had a Sony VAIO with a 17 inch screen. It survived falling five feet off an ironing board. My brother is using it now, six years later. Its hard drive died and was replaced a few months ago.
The Toshiba 486 laptop that I used in my early teens survived even worse handling.
If I can repair it, my iBook will stay safely at home. I'll try to find a used Panasonic CF-28 for field work. I doubt I can break one of those. I don't need a gaming powerhouse, just something that is compatible with Ubuntu and will run Firefox with decent performance.
March 07, 2007
January 21, 2007
So, I recently acquired a Netscreen 5XT—the smallest firewall available from Juniper.
Since I purchased it through eBay, Juniper will not let me purchase a support contract for it unless I first pay a warranty reinstatement fee. This reinstatement fee is equal to one year of support.
It turns out that the 5XT, one year of support, and the support reinstatement fee combined still costs less than a PIX 506e without support.
Now if I can just figure out why my VPN is not working…
January 13, 2007
I love my keyboard
I love my keyboard. It is sturdy, clicky, and full of history.
Sometimes when I really get into coding, my roommate asks what I'm doing. He can hear my keyboard through the door.
Once upon a time it was the keyboard on an SP in a Hitachi Trinium Mainframe. A one inch grey square covers up the IBM logo.
My keyboard is an IBM 42H1292 from Greenock, Scotland.
December 24, 2006
This Christmas Eve morn
Here I sit writing. What do I hear? The dryer, dishwasher, and bathroom fan each buzz in a slightly different manner. My roommate's alarm clock is buzzing. Nightwish is playing in iTunes.
It is the holiday. I have a to-do list. I'm on-call, but my parents are close enough that I could probably go visit them. Unfortunately my younger siblings have a cold. My brother and several friends are in Denver. I don't think I can stretch my on-call response time that far.
So, here I am. It is Christmas Eve and I have a to-do list. I have the kitchen and bathroom partially cleaned. I've turned one broken low-quality futon into a low table. I'm rearranging my bedroom and the living room. I'm a few sections into The Nicomachean Ethics. Later I'm reading The Histories. Hooray for time to read.
It is interesting to see which kinds of untidiness people are willing to tolerate.
I am usually surrounded by piles of books, papers, and parts. My roommate keeps his desk clear and books on the shelf.
I notice dust bunnies on the kitchen floor. He goes on vacation and leaves the sink full of dishes.
I wonder which is the more sanitary method of storing eating utensils, in a drawer or on a counter top rack? I should find a microscope and count germs.
The system disk in my e420r died the other day. From now on, said system volume is going on mirrored drives. I wanted to fix it early last week, but work was really busy. I have it plugged into a console server, so I can work on it from home; I just need to set up JumpStart on my X1.
I was running syslog-ng and Splunk in a zone on the 420r. In hindsight, I should have used the X1 for infrastructury things and the 420r for projects and hosting.
I installed the X1 first, so I've been using it to host my home page, wiki, and simple projects. I think I'll repurpose it as a JumpStart/Nagios/syslog-ng box. I'd like to run Cacti on it as well, but then I need to add MySQL to the mix.

