Our Qube died on us today when I unplugged a cable, forcing me to improvise a temporary router out of my Windows 2003 Server (Web Edition - I don't need all the extra cruft to test IPSec and IPv6 stuff...).
A closer look at the Qube revealed air intakes clogged with enough dust and lint to trigger asthma in the entire population of New Zealand, so I brought it home to clean (expect pictures of its innards), boot it off the Restore CD image I ought to have found by now and (hopefully) bring it back to life.
Meanwhile, I re-acquainted myself with Windows 2003's Routing and Remote Access service. Yes, re-acquainted. I'm not a Mac bigot, you know... Before killing off nearly all my PCs, I ran a Windows 2000 Server box as my home firewall/DHCP/DNS server for something like a year, with zero incidents (other than downtime caused by the occasional power cut), and RRAS was one of its nicest features.
(It's not the OS that's insecure, it's what you do with it and how you do it.)
The Windows 2003 RRAS has the usual hideously counter-intuitive wizards, but this time they actually accomplish something, defining internal and external network interfaces for you to do the actual routing with (if you try to set up NAT on your own, you'll soon figure out that all interfaces need to be correctly flagged as "internal" or "external" before RRAS works properly).
Like most 2003 services, lock-downs (no incoming traffic, firewalling, etc.) are on by default, so you won't create an insecure configuration without actually trying. Setting up a NAT firewall plus the ridiculous amount of static routes we need for managing stuff was easy, but the interface, quite honestly, still sucks. And nowhere did I get a warning that RRAS would silently invalidate quite useful bits of apparently normal configuration (such as the default gateway set on the OS property sheets for the main network interface), which took some time to figure out.
But all in all, 2003 works, and saved me the bother of rattling my brains about which iptables switch I should use to enable whatever. I'll have to eventually, since I don't think I'll be running 2003 on that box for much longer, but it's nice to know it works.