Jeremy C. Reed's blog

06/Feb/2009

Fri, 06 Feb 2009 16:33:53 -0500

I am about to teach a lecture using an Impress presentation, but viewing in Openoffice.org 2 looked bad since was apparently missing Courier 10 Pitch. No message warning me or asking me to suggest replacement. The document also uses Courier New and that works fine.

(I had downgraded from openoffice 3 as the document formatting is broken with that and we can't reformat the 500+ slides before upcoming lectures. So need to stay with openoffice 2 for now.)

I see openoffice 2 is bundled with many fonts / types including LiberationMono-Regular.ttf which I believe provides my "Courier New". My NetBSD system had the other font that I needed:

$ fc-list : family file | grep -i courier | grep -i pitch
/usr/X11R6/lib/X11/fonts/Type1/c0583bt_.pfb: Courier 10 Pitch
/usr/X11R6/lib/X11/fonts/Type1/c0582bt_.pfb: Courier 10 Pitch
/usr/X11R6/lib/X11/fonts/Type1/c0611bt_.pfb: Courier 10 Pitch
/usr/X11R6/lib/X11/fonts/Type1/c0419bt_.pfb: Courier 10 Pitch

(The font-bitstream-type1 package also has these.)

I searched and searched and read many docs but couldn't find intructions for this. The openoffice site was overwhelming and the searching there was no help. Finally google led me to this openoffice.org page. I had looked at the Printer Administration tool before but didn't notice it was for fonts too.

So here are my steps to get openoffice2 work for Courier 10 Pitch (and some other fonts too).

Ran /usr/pkg/lib/OpenOffice.org2.4.2/program/spadmin tool. Click Fonts... button and it showed my current fonts (known to openoffice2). I clicked Add... and the checked the "Create soft links only" checkbox. Then clicked '...' button for Source directory. Chose new Source directory (/usr/X11R6/lib/X11/fonts/Type1/) and pressed Select and it then showed a list of fonts including ones I needed. I chose "Select All" and then "Ok". A popup said 28 new fonts were added.

Symlinks were created in ~/.openoffice.org2/user/fonts/ for .pfa and .pfb PostScript Type 1 font files and .afm files. I had to restart openoffice for it to recognize this new symlinks -- and it worked.

Sure seems wrong for openoffice (even version 3) to bundle a huge amount of fonts and do its own font management.

28/Jan/2009

Wed, 28 Jan 2009 10:35:16 -0500

I had been using blackhole{} in my named options to stop responding to the spoofed UDP sources. The correct DNS response is REFUSED (not giving them referals). But over time I know these are not correct DNS queries and I assume they aren't really from the source address, so I choose to not respond at all.

This is for ongoing DDoS attacks that I was participating in as are many other DNS operators. In my case, I was only replying with same amount of traffic as I received (REFUSED), but many DNS servers are configured to actually provide a list of other nameservers to ask instead causing the response to be maybe five times larger. You can learn more at DNS-OARC: https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful (but note that it is different targets now).

So I decided to use PF which makes it easier than editing named.conf and reconfig. In my /etc/pf.conf, I added:

table <dns-ddos> persist
...
block drop in on $ext_if proto udp from <dns-ddos> to any port domain

Then reloaded my PF rulesets. Then I add IPs to drop:

 /sbin/pfctl  -t dns-ddos -T add 76.9.16.171

I also asked my upstream providers to help track the spoofed addresses and to encourage them to deploy BCP38 to make sure they don't allow bogus source addresses originating in their own space.

I haven't added all the spoofed IPs hitting me yet, but here are some:

# /sbin/pfctl -q -t dns-ddos -T show
   63.217.28.226
   64.57.246.146
   66.230.160.1
   67.192.144.0
   76.9.16.171

10/Jan/2009

Sat, 10 Jan 2009 10:59:32 -0500

So for at least five years or more, I have had a wide variety of hardware power down when doing pkgsrc builds. It has been quite frustrating as a pkgsrc developer and maintainer and especially when I need some specific software installed, or system was in use for other tasks, and especially long fsck was a hassle.

I finally tracked this down to be overheated systems. I used mbmon and then later envstat to report the temperatures. I wrote scripts over the past few years to suspend my builds when temperature was too high and continue them when it dropped, but as you can imagine that is a slow way to build and not reliable, since sometimes stuff got built out of order or incomplete.

So this week, I received a hint that I should turn down my CPU frequency. I had heard of this before but never put two and two together. For example:

$ sysctl machdep.powernow
machdep.powernow.frequency.target = 2000
machdep.powernow.frequency.current = 2000
machdep.powernow.frequency.available = 800 1600 1800 2000

I already had powerd running since I use it for my power button. So I setup /etc/envsys.conf to set up the hardware sensor monitors:

acpitz0 {
  refresh-timeout = 5s;
  sensor0 {
    critical-max = 179F;
    warning-max = 170F;
    warning-min = 159F;
  }
}

And I edited my /etc/powerd/scripts/sensor_temperature script to lower or raise my machdep.powernow.frequency.target sysctl tunable. And it worked! The temperature doesn't get too high now and the system continues to run.

So I have been documenting this in my "Power management and hardware monitoring" chapter in my upcoming "Getting started with NetBSD" book. If you'd like to read, please let me know.

I also have around ten questions about the envsys framework. If you have an answers, I'd much appreciate it.