While upgrading some software on one of our FreeBSD servers at work, I ran into the following problem with openssl-stable:
# cd /usr/ports/security/openssl-stable
# make clean
===> Cleaning for openssl-stable-0.9.7m
# make
===> Extracting for openssl-stable-0.9.7m
=> No MD5 checksum recorded for openssl-0.9.7m.tar.gz.
=> No SHA256 checksum recorded for openssl-0.9.7m.tar.gz.
=> No suitable checksum found for openssl-0.9.7m.tar.gz.
*** Error code 1
Stop in /usr/ports/security/openssl-stable.
The problem is caused by a recent change in openssl which deleted the checksum information for the stable version (0.9.7m) of openssl. The fix is pretty simple: just restore the checksum info for 0.9.7m to /usr/ports/security/openssl/distinfo. I’ve submitted a PR to the project which contains a patch file for folks who’d rather use patch(1) than copy-pasting three lines of text. 
We got a new Kyocera printer at work a few days ago. The model we’re trying out is an “EP510DN“. We had a heck of a time finding information for this printer on the Kyocera web site. In desperation, we called their sales/support people who informed us that a Kyocera “EPwhatever” is an EcoPro unit, all of which show up on the KyoceraEcoPro domain. (Personally, seems like having completely different domain names for the same company is a good way to dilute your brand.) As soon as I added “EcoPro” to my Google query, I got meaningful results on the first page.
We are setting this up on a FreeBSD print server. We had DHCP and DNS configured and tested, so we created a printcap(5) entry for the printer, and got… errors (from the /var/log/lpd-errs log file):
lpd[32955]: /dev/lp: No such file or directory
After much head-banging, I finally figured out the problem–there was some whitespace at the end of one of the lines in the printcap. Doh!
Some other notes and information about this printer:
- Web-based configuration doesn’t support https:// protocol.
- The configuration username is “admin”. Default password is “”. Get IP configured on the printer, pull up the web interface, and change it–ASAP! (Ideally you would set the password on a private network, before putting it on the Internets. Not that it’ll do you much good–see previous note.) I’ve seen a pretty gnarly security exploit for Kyocera printers, which seems to bypass what little security is available, but I haven’t tested it on our unit yet.
- The printer supports Bonjour protocol, although it doesn’t seem to be a “real” PostScript printer. (My Mac sees it as a “Generic PostScript” device.)
- The EP510DN PPD file is available for *nix operating systems. I’m still looking for a Mac driver for this printer.
I don’t know if we’ll keep this printer or send it back. The print speed is definitely nice, and print quality seems alright. I’m a bit disturbed about all the network services that this printer provides, without securing them in any meaningful way. I’ll try out the cracking suggestion above and see if this model is vulnerable.
I am so screwed… I ran the portupgrade utility on one of our FreeBSD servers at work. This was a production system that we used for printing certificates for our students, preparing address labels for USPS shipments, and several other small (but crucial!) database applications. When I realized that the upgrade had roached all these business-critical apps, I tried to restore the system and found that my backups weren’t usable. ARRRRGH! From now on, I’m going to verify my backups by generating a “table of contents” from the backup media after the backup is complete.
for ($i=1; $i<=100; $i++) {
print "$i. I will *never* run portupgrade(1) again without making sure I have a *known good* backup!\n";
}
