Archive for the 'Best of Tech' Category

pfSense Firewall Appliance

Wednesday, October 3rd, 2007

I just finished upgrading my pfSense firewall to the latest 1.2-RC2 release. I’ve been running 1.0 (and a pre-1.0 release before that) on a network appliance for several years now. It’s a very solid and stable firewall with a bunch of features usually only found on higher-end equipment.

pfSense is a firewall appliance derived from m0n0wall, based on BSD and has a great web-based configuration interface. I installed this latest release of pfSense into a VMware virtual image, and also have it running on a 1G CF on a mini-itx VIA motherboard.

pfSense main configuration page

I have been using pfSense successfully to manage a static IP subnet, using its 1:1 NAT and virtual IP addressing features to route the static IP block to the servers to which the static IPs are assigned. I also use the traffic shaping features to allocate bandwidth for VoIP accounts that terminate at an Asterisk appliance on the internal network. Real-time traffic graphs and traffic logs also give an idea of the bandwidth loads on the network.

The pfSense firewall appliance also serves as a VPN endpoint into my internal network; pfSense offers VPN services through IPsec, OpenVPN, PPPoE, and PPTP. I’m currently using PPTP with Windows XP clients.

Other features of pfSense include captive portals, load balancing, CARP for failover protection, OLSR, RIP, SNMP, UPnP, DHCP server and relay, DNS Forwarder, Wake on LAN, and a packaging system that lets you add third-party packages to the firewall such as RADIUS servers, network monitors, web proxies, and security tools, to name a few.

pfSense contains all its configuration in one XML file which makes it easy to upgrade and configure the firewall. pfSense can be run in an embedded environment (off of a compact flash card, with no console/keyboard) or on normal equipment with I/O enabled. Packaging pfSense into a VMware image was also very straightforward and worked as expected. This virtual firewall image can then be used to decouple the firewall software from the hardware and give me the flexibility to quickly switch hardware as needs change or hardware failures are encountered.

Virtual Private LAN with Hamachi

Sunday, March 11th, 2007

A friend of mine introduced me to Hamachi a few days ago. Since then I’ve finally gotten around to installing it and playing with it, and I’m really impressed. Hamachi bills itself as a zero-configuration Virtual Private Networking (VPN) application. I personally like to think of it as a zero-configuration Virtual Private LAN application as that is basically what it allows you to create - virtual LANs over the Internet.

What this means is that using Hamachi, you can finally eliminate your traditional VPN endpoint and use Hamachi to securely transport traffic destined for your LAN over the Internet (WAN). For example, take typical Windows / Samba file sharing. Without Hamachi, you would have to connect to a VPN on your home network to access any file shares in your LAN. With Hamachi installed and configured on the server(s) in your LAN, you can access them over the Internet via the Hamachi service without the need to have a VPN connection established to your home network.

Hamachi comes in free and paid versions, is a very simple, straightforward installation, and is compatible with Windows, OS X, and Linux. I have performed the install on all three of these operating systems and it is very straightforward (even the console installation for Linux and OS X is quick and relatively painless). I have successfully used Hamachi from a foreign network and it works just fine.

Hamachi supports NAT to NAT traversal and is able to establish peer-to-peer communications between nodes in 95% of all cases. Hamachi uses industry-standard security algorithms and protocols, and uses an open security architecture allowing verifiability of all security implementations by third parties. When connecting two nodes, Hamachi makes every attempt to connect the nodes directly, but has the capability to use a relay server when direct connections are not possible. Hamachi can also be used to connect LAN segments through some creative routing. With this option you can install Hamachi on a single computer in your LAN and have it act as a gateway to all the machines on your LAN. Pretty sweet and very useful.

If you often connect to file shares at your home network, but haven’t found a good solution for accessing these shares when you’re away, you should consider taking a look at Hamachi. Hamachi is also good for remote desktop sessions, iTunes streaming, gaming, and securing your email, if your email servers lack TLS capabilities.

Connected Home Electronics

Sunday, March 4th, 2007

Cool term for something that I’ve been spending a lot of time thinking about and working on for several years now. Maybe I just haven’t been paying attention, but I just came across the term for this market of products a month or two ago when listening to the CTEK Angels Live podcast of the MoodSeer product. I must say I am slightly amazed that we aren’t further along in this category yet (oh yeah, we were also supposed to have interplanetary space travel at the turn of the millennium), but according to the MoodSeer presentation at the LivePitch event, this market is expected to grow by 70B between now and 2011. I also believe this market will be experiencing a large deal of growth as I think the technology is available to create products at costs that are reasonable.

My personal interest in this area has rendered itself in the form of a PBX serving the voice (telephone) needs of my home and home office, digital music available throughout the home via a centralized music collection and the Squeezeboxes, and a whole house audio distribution system via the Zon whole house audio system. Various servers for sharing my photos and video collection with family and friends, along with serving several domains, web, and email.

One idea I was thinking about around a year ago and started tinkering with was the simple idea of having something like all the clocks in your house connected to your home network (wired or wireless). The idea involves throwing a small Linux buildroot onto some cheap embedded hardware and having it display accurate time (synchronized to the atomic clock of your choice courtesy of ntp). The software would be simple, and the hardware not too complex. I even attempted to implement this using the Gumstix platform hooked up to an LCD.

The idea is that Linux+ntp would keep your clock synchronized at all times, especially when the power comes back on after a power failure, or daylight savings time goes into effect. I figured you could hook this up to the Ethernet network in your home, or it would probably be a good candidate for wireless; perhaps Zigbee would be the physical layer of choice here, as 802.11 might be overkill and also expensive to implement.

Currently, my collection of Squeezeboxes serves as my rudimentary implementation of network-synchronized clocks throughout the home. I also use them to display the incoming caller ID (name and phone number) for any calls coming into the house, courtesy of a simple Asterisk AGI script I cobbled together.

Ambient Devices

I ran across Ambient Devices a month or two ago when I was playing around with Google Calendar. They seem to be doing exactly what I described in the last couple of paragraphs. Currently they have a few products, including the Weather Wizard that displays the current weather for five cities directly from accuweather.com. They also have a number of cool looking orbs that communicate information (from the Internet) through subtle changes in the color of an orb-looking device sitting on your desktop (or attached to the handle of the umbrella they sell). Pretty cool concept, and true to their “Ambient” company name. They also sell their chipset, and it seems that their chipset is embedded in an LG “Weather Plus” refrigerator.

Ambient Clock

Anyhow, the Ambient Clock is what got my full attention. Not yet in physical product form, but currently a Google plugin, this concept clock connects to your Google Calendar, and not only shows you the current time synchronized to the network, but also has a unique way of displaying the time and duration of upcoming appointments for the day. The mechanical chassis design is really slick looking as well.

I can only imagine that additional products that could fit the market that Ambient is targeting include things like:

  1. A digital rolodex that sits next to your phone (heck, maybe it’s embedded in the phone) and looks up addresses and phone numbers for your contacts in an LDAP or online database of sorts
  2. A digital recipe manager that sits in your kitchen and is connected to your favorite online cooking site (Cooking Light, Food Network, etc…). It lets you look up and conveniently display your favorite recipes as you prepare your meals.
  3. Further the clock idea by offering a network-connected alarm clock - never worry about the time resetting after a power outage. The alarm wakes you up to an Internet radio station or MP3. I guess the Squeezebox does this to an extent already.
  4. A device that monitors and alerts you to a powder day for the skiers out there, great surf conditions for the surfers, or open tee times at the local club for the golfers.

Ok, well a somewhat lame list of other uses, I had some more examples a while back but can’t seem to recall some of them at the moment. Plus I need to get back to studying for midterms this week.

Google to Hosting Providers: “We’ve Eaten Your Lunch”

Wednesday, January 31st, 2007

Yeah, that’s right, all you HostRockets, HostMonsters, HostGators, MonsterHosts, and the whole lot of you, listen up! Google Apps for your Domain is here! You may now commence ceasing operations, because, well, your market has been saturated for a long time now, and we’re Google - providing this service for free (UPDATE: Looks like Google Apps is going Paid). And honestly, you guys make GoDaddy look like an easy-to-use respectable operation with your numerous hosting plans, upsells, addons, additional features, and such!

Introducing Google Apps for your Domain
Google Apps for your Domain is a free (at least at the time of this writing) service from Google that lets you “brand” Google’s applications under your own domain name. Google Apps features include:

  • Google Mail for your domain
  • Google Calendar for your domain
  • Google Talk for your domain
  • Google Page Creator to host web pages for your domain
  • A customizable start page to preview your email, calendar, news, and other domain content.
  • A nifty customizable control panel to manage domain accounts and users.

So What’s the Big Deal?
Well, if it isn’t obvious, this is an amazing service for a number of reasons. First, it eliminates any excuse for a business to operate without a legitimate business domain and the web and email hosting to support it (See my prior article on this problem). Second, it’s Google Mail (GMail) for your domain! GMail is by far the best web-based email client I’ve ever used. That, and there are no annoying ads inserted at the bottom of your emails (at least for now). GMail is very easy to use in a web browser, and Google Desktop makes it easy to stay informed of new messages arriving in your inbox.

Third, it’s Google Calendar (GCal) for your domain! Once again GCal is by far the best calendaring solution I’ve seen in ages. I’ve been using GCal for maybe a year now and rely on it heavily. In fact, it has recently become my browser homepage. GCal has great support for multiple calendars, sharing calendars, setting up meetings, and sending meeting notices. It has a very clean presentation, is very easy to use, and is accessible from iCal, phones, Google Desktop, and pretty much anywhere else thanks to the API. Packaged with Google Apps for Your Domain, it can be used for office scheduling and has hooks into Gmail for creating meetings and such. GMail and GCal are eating Microsoft Office’s lunch, too.

Google Talk and the other applications are just icing on the cake. With Google Talk, your business can finally embrace instant messaging within your company. The page creator, while a little weak, does provide a decent solution for publishing static web pages. The start page is what you’re used to if you’ve ever personalized your Google search experience. The control panel is a well thought out, easy to use user management console. It provides a dashboard to get an overview of your domain and the capability to create email lists and mail aliases. It also offers a number of customizable features for your domain including your own logo, domain aliases, time zones, and other similar settings.

Drawbacks
For most businesses or individuals, the drawbacks are minor. GMail for your domain offers 2GB of email storage per user. I imagine you are still subject to giving up a little mail privacy as Google is known to index all their GMail content. Google Page Creator is somewhat limited and dynamic content or scripting does not seem possible at this time. Web content is limited to 100MB at the time of this writing. Finally, you’re on your own when it comes to setup and configuration, however there are some good forums that can help you out along the way.

Regardless of the (minor) drawbacks, Google Apps for Your Domain is perfect for most small businesses looking for Internet hosting. I host a handful of sites through my Obility, LLC company and have even been recommending it to some of these companies as a possible better, cheaper alternative.

If your business is considering options for Internet services hosting, has hosting in place already, or is one of those businesses that have incomplete hosting, you’d be doing yourself a favor to take a look at Google Apps for your Domain.

I don’t want to see another business using a third-party domain for their web or email (i.e. joeswidgets@comcast.net) ever again!

RadioIO: Now That’s a REAL Clear Channel

Wednesday, January 31st, 2007

Last Sunday my wife and I attended a live eTown taping at the Boulder Theater featuring Nanci Griffith and Piers Faccini. It was a great concert, and personally not having really listened to either of these artists beforehand, I was very impressed. During one of Nanci Griffith’s closing songs of her set, she sings about the radio, and at one point near the end says, “…Now that’s a real Clear Channel.” Obviously making a jab at our dear monopoly of the airwaves, Clear Channel Communications, Inc.

That got me thinking this morning about RadioIO and Internet radio in general. For many years now I have made an effort to avoid listening to broadcast radio. The commercials, the trendy music, the annoying DJs that laugh at their own jokes, the commercials… Being an early adopter of the Slim Devices Squeezebox music players, over the last few years, I have tapped into a whole (new) world of streaming Internet radio accessible through these players.

About RadioIO
RadioIO hosts what is probably my favorite set of streaming Internet radio channels. They feature around 22 channels of varying genre: Acoustic, Jam, Rock, Classical, World Disco, Edge, Eclectic, Beat, and many more. Heck, they even have a 24-hour a day Grateful Dead channel (RadioIODead), if you can’t get enough of that good ol’ Casey Jones, drivin’ his train, high on cocaine.

The beauty of RadioIO (and most Internet radio stations in general) includes:

  • Few to no commercials - RadioIO toots its own horn for 30 seconds or so every couple of hours, but that’s about it (and the commercials aren’t obnoxious)
  • They really do offer a diverse mix of music including independents, up-and-coming artists, ones you’ve never heard of, and the ones you’ve always heard of. So nice to hear new artists and new songs - diamonds in the (Clear Channel) rough, so to speak.
  • No censorship of artists, types of music, or otherwise due to corporate mandate or the fact that the latest Britney Spears single is so popular with the fans that it “censors out” the entire body of music composition due to its incredibly high amount of airtime.
  • No annoying DJs
  • Free! Or at least very low-cost - Being a fan of RadioIO I’ve purchased one of their $50 annual SoundPass Memberships hoping to support the cause and keep it commercial free.

Streaming Internet Radio in General
RadioIO is but one of many options available in the Internet radio segment. Shoutcast provides about a bazillion different genre and music channels streaming to you from all over the world. Check out Folk Alley.Com for a little bluegrass/folk music and occasional music history lesson. Listen to public radio? Then choose pretty much any station across the nation, and stream it static-free from the Internet (We listen to KUNC.org broadcast from Fort Collins). There are so many options when it comes to Internet radio that my 81GB music collection has a pretty thick layer of dust on it now and is becoming rapidly obsolete.

Now, you say you can’t get Internet radio in your car? True, true, at least not yet. But until municipal WiFi comes to your location, load up your iPod with some great music or a nice audiobook and tune out those “Clear Channels”.

BackupPC - A Great Way to Protect Your Data

Saturday, January 27th, 2007

If you’re like most people, backing up your important data is an afterthought at best - at least until the day comes that you lose all your pictures, email, important documents, and that doctorate thesis you’ve been working on for the past few years. Even then some of these same victims of data loss become lax in their backup practices over time putting themselves at risk for another data loss event. What is it they say about doing the same thing twice and expecting a different outcome?

When you run several servers and you have a computer count that is in the double digits, backing up all the data on those servers and workstations is a serious matter. Several years ago, I bit the bullet and started searching for a great solution. After evaluating many backup applications that just didn’t work out, I hit the mother lode and found one of my favorite applications, BackupPC developed by Craig Barratt. I have been successfully using BackupPC for a while now, and a year or so ago I turned the BackupPC server into its own embedded network appliance running off of compact flash (and storing the data pool to a 300GB IDE hard drive).

About BackupPC
BackupPC is an open source application written in Perl. BackupPC runs as a server, connecting to clients, and extracting and saving backup data on disk. BackupPC has a very nice web-based user interface and an extensive set of configuration options that provide flexibility to specify the exact backup policy you desire. BackupPC is compatible with Windows, Linux, Mac and pretty much any operating system that supports the SMB protocol (i.e. Windows file sharing) or rsync.

BackupPC Media Management
One of my favorite features of BackupPC is its media management. BackupPC makes efficient use of the backup media by implementing backup data pooling and compression. Duplicate files encountered in a given backup set, across sets, across workstations, or any combination of these are managed such that only one real copy is kept in the backup data pool and the rest are “links” to this master copy. For example, suppose Alice and Bob are two Mechanical Engineers working on a large SolidWorks design. Suppose they both have the latest revision of this SolidWorks design checked out onto their local workstations (you do use version control, don’t you?). Suppose BackupPC makes a backup of Alice’s computer first. When it gets around to backing up Bob’s computer, it realizes it already has a copy of the SolidWorks file and creates a hard link to the file backed up from Alice’s computer, saving a network transfer and backup disk space. BackupPC can also be configured to compress the backup data pool stored on the backup disk, and it only has to run the compression algorithm once per unique file thanks to the data pooling algorithm BackupPC employs. BackupPC can also be configured to create permanent backups of the backup data pool to removable media such as DVD or tape for offsite storage.
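To make the pooling concrete, here is an added example in Python (not BackupPC’s own Perl code) of a content-addressed pool: each unique file is compressed and stored once, and every backup tree entry is a hard link to that pool entry, so Bob’s copy of the shared design costs no extra disk. The host names, file names, the SHA-256-based pool layout and the `demo()` scenario are constructed for this illustration and stand in for BackupPC’s own hashing and collision handling; the Alice/Bob case follows the paragraph above, and `disk_usage()` gives the “real” pool size versus raw backed-up bytes, the same comparison as the stats further down.

```python
# Added example: a minimal BackupPC-style data pool built on hard links.
import hashlib
import os
import tempfile
import zlib
from pathlib import Path


def pool_path(pool: Path, digest: str) -> Path:
    # Fan the pool out by hash prefix so no single directory grows huge.
    # A full SHA-256 of the content stands in for BackupPC's own hashing
    # and collision handling (simplification for this example).
    return pool / digest[:2] / digest[2:4] / digest


def backup_host(pool: Path, backups: Path, host: str, src: Path) -> dict:
    """Copy `src` into backups/<host>/<n>/, storing each unique file once in
    the pool and hard-linking the backup tree entry to it; returns counters."""
    host_dir = backups / host
    n = sum(1 for d in host_dir.iterdir() if d.is_dir()) if host_dir.exists() else 0
    dest = host_dir / str(n)
    stats = {"files": 0, "raw_bytes": 0, "new_bytes": 0, "linked": 0}
    for f in sorted(src.rglob("*")):
        if not f.is_file():
            continue
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        entry = pool_path(pool, digest)
        if entry.exists():
            stats["linked"] += 1          # already pooled: no transfer, no space
        else:
            entry.parent.mkdir(parents=True, exist_ok=True)
            entry.write_bytes(zlib.compress(data))   # compress once per unique file
            stats["new_bytes"] += len(data)
        target = dest / f.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        os.link(entry, target)            # same inode as the pool entry
        stats["files"] += 1
        stats["raw_bytes"] += len(data)
    return stats


def disk_usage(root: Path) -> int:
    """Bytes really consumed under `root`, counting each inode only once."""
    seen, total = set(), 0
    for p in root.rglob("*"):
        if p.is_file():
            st = p.stat()
            if (st.st_dev, st.st_ino) not in seen:
                seen.add((st.st_dev, st.st_ino))
                total += st.st_size
    return total


def restore(backup_file: Path) -> bytes:
    """Restore one file from a backup tree by decompressing its pool entry."""
    return zlib.decompress(backup_file.read_bytes())


def demo() -> dict:
    """Constructed scenario: Alice and Bob both hold the same design file."""
    root = Path(tempfile.mkdtemp(prefix="pool-demo-"))
    pool, backups = root / "cpool", root / "pc"
    design = b"SOLIDWORKS-part-data " * 2000        # 42000 identical bytes on both hosts
    alice, bob = root / "alice", root / "bob"
    for host, note in ((alice, b"alice notes"), (bob, b"bob notes")):
        (host / "proj").mkdir(parents=True)
        (host / "proj" / "bracket.sldprt").write_bytes(design)
        (host / "notes.txt").write_bytes(note)
    a = backup_host(pool, backups, "alice", alice)
    b = backup_host(pool, backups, "bob", bob)    # the shared file is only linked
    return {
        "alice": a,
        "bob": b,
        "pool_files": sum(1 for p in pool.rglob("*") if p.is_file()),
        "raw_bytes": a["raw_bytes"] + b["raw_bytes"],
        "disk_bytes": disk_usage(backups),      # links share inodes with the pool
        "restored_ok": restore(backups / "bob" / "0" / "proj" / "bracket.sldprt") == design,
    }
```

Running `demo()` shows Bob’s backup transferring only his 9-byte notes file into the pool while the 42000-byte design is linked, and the on-disk total staying far below the raw byte count because the repetitive design compresses well.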

Versioned Backups
BackupPC’s efficient use of the backup medium allows it to provide versioned backups of your servers and workstations without the worry of quickly exceeding the capacity of the backup disk. BackupPC easily manages full and incremental backup sets, automatically merging incremental sets into their corresponding full backup set. Restoring a file is simply a task of logging into the web-based user interface, selecting the full or incremental backup desired, and navigating the file tree and selecting the files you want to restore.

My BackupPC Media Stats:
To give an idea of the amount of data and number of versions you can keep around with BackupPC, I included a few screenshots from the user interface. I have a 300GB drive as my backup medium. First, the uncompressed statistics:

BackupPC Host Stats

Now the backup data pool statistics on compression and disk usage:

BackupPC Backup Data Pool Statistics

So I’ve only used around 86GB (37%) of my backup disk, even though I back up seven hosts and have around 280GB of raw backup data. Pretty impressive, in my opinion.

BackupPC User Interface
BackupPC has a great web-based user interface that allows both administrator and end-user access allowing the appropriate privileges for each role. Like I mentioned above, selecting backup sets and files is a simple task. Here are some screenshots indicative of the Backup Summary and Backup Browsing available on the BackupPC website.

Other Backup Options
To be complete I thought I’d mention a few other backup options that seem worthwhile and briefly discuss the pros and cons of each.


ZON Whole House Digital Audio System by Oxmoor

Sunday, January 21st, 2007

Early 2006, our family finished a home remodel, adding around 400 square feet to our home in Boulder. During this remodel, I seized the chance to install structured cabling in the house, and ran around 56 Ethernet drops and a handful of coax. In addition to the cabling, I took this opportunity to find and install a great solution to whole house audio distribution. I had toyed with this in various forms before the remodel, some of these including:

  1. Crude hard-wired RCA cables between audio locations (was a temporary solution at the time)
  2. Zone synchronization using Slim Devices Squeezeboxes - Which at the time was a nice solution for synchronization on a non-deterministic Ethernet network, but had limitations when streaming Internet radio and content that didn’t have timing gaps between songs (used for resynchronization)

When I began research on a whole house audio solution, I wanted to focus on a solution that was easy to use, didn’t require running a ton of specialty cable, could be expanded, and could undergo a degree of change to the layout of the system (change zone locations, input sources). Because I had been using Squeezeboxes for a while then, I had heard of Sonos, and was considering it, however it had a steep price tag, and I wasn’t willing to take a chance on its synchronization claims without a good demo of all the features. Eventually however I ran across the ZON Whole House Digital Audio System by Oxmoor and instantly knew I had found what I wanted.

The ZON system is an all-digital audio distribution system that consists primarily of three parts:

  1. ZON input modules (ZIM) - contain digital and analog inputs for connecting various input sources
  2. ZON audio controllers (ZAC) - these output modules provide input selection, volume control, audio amplification, and connect to a pair of speakers for audio output.
  3. ZON router - Connects up to four zone audio controllers and eight ZON input modules (a ninth set of inputs is provided on the router itself). Multiple routers can be daisy chained to allow for additional zone and input source support.

The ZIMs and ZACs are all connected to the ZON router using standard cat-5e cable which provides power, data, audio and IR signaling to the ZIMs and ZACs. While the ZIMs are designed to fill a one-gang spot in a wall (similar to an electrical outlet), I decided to forgo installing them in a fixed location and capitalize on the Ethernet connectivity which gives you the flexibility (especially if you have 56 Ethernet drops in your house) to move the input modules around to mix and match sources. The ZAC modules are two-gang units that install in the wall similar to a light switch, have an iPod-like control feature (jog/shuttle dial with center selection button) and an LCD character display to indicate the selected source, settings, and other information. Select the input you want to listen to in a given zone or mix and match inputs in different zones throughout the house - it doesn’t matter - the audio comes through clean and synchronized whether you’re listening to one source or multiple simultaneous sources.

One of the neatest features, and one that I think provides additional distinction between the ZON and other alternatives, is the ZON system’s ability to route infrared remote control signals to the selected input device. Each ZAC module has an infrared receiver, and each ZIM a port for connecting an infrared flasher (output device). The ZAC automatically relays any infrared remote signals received to the selected source’s infrared flasher, allowing control of the source device from any of the zones in your home.

Finally, the ZON system has paging and monitoring features. Press the paging button and speak and you’ll be heard in every zone. Select a configurable ZAC input and you can monitor the activity in that zone. The monitoring feature is great for infants as we have been using it for exactly that purpose over the last eight months.