Looking at pfSense as a Firewall

I’ve got a small, multiple-ethernet port computer arriving from Amazon today (a QOTOM Core i5).

I’ve been running SOHO boundary routers for the last many years and finding that they’re somewhat inflexible, eventually stop being updated and often frustrating in the features that they omit.

I’ve had a new boundary router sitting on the shelf for about a year that I still can’t get my ISP connection to provide an address to. It works fine as an upstream off of my internal network though. There isn’t enough diagnostic information readily available to figure out what is happening and shutting my external connection down for extended experiment breaks isn’t really a happy thing either.

I’m expecting to install pfSense on the machine when I get it. I’ll have to come up to speed on the configuration for pfSense, but I expect that once I’ve got it in place, the project will continue providing updates over a much longer span than other options. I’m also hoping that inbound VPN capability can be set up without extra cost client packages and other entanglements…

I’ll update once I’ve got the hardware in hand and have started in on the setup process.

Nice to find that there’s a C# port of iText open source

Looking around at PDF processing code out there. iText kept showing up but it is a Java library and these days I’m focusing on .NET (at least for a while). Found that there is a C# iText on GitHub. Not sure when I’ll get around to messing with it, but being able to work with PDF these days is a very useful capability (and I’m not doing anything closed source in the sandbox anyway)…

The humble GUID/UUID…

Guids come up periodically. They’re the one obvious choice when a truly unique identifier is needed but you can’t have some application specific central registry (akin to Dicom-3 identifiers).

They look like somewhat random strings of hex digits with dash separators but there is additional structure in there.

They originated with OSF-DCE (the one Unix distributed computing environment). Microsoft borrowed parts of OSF-DCE when building COM and DCOM. Guids came along for the ride in this and became part of the Windows infrastructure.

In a recent discussion, a piece of code that loaded up ‘fake’ Guids as small integers with zero fill came up. I refreshed my memory (they’re now defined in RFC4122) and came to the conclusion that these aren’t well formed UUIDs at all. There are a couple of short bit fields within the body of a GUID that define the version and type of the GUID. These can’t be zero unless all bits are zero (the null GUID).
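Added example (not code from the original post or the discussion it mentions): a Python check that reads the RFC 4122 variant and version bit fields and shows why a small integer with zero fill fails them. The function names and sample values are constructed for illustration, apart from the version 1 sample, which is the example UUID printed in RFC 4122.

```python
import uuid

RFC4122_VERSIONS = {1, 2, 3, 4, 5}  # the versions RFC 4122 defines


def variant_name(n: int) -> str:
    """Decode the variant from the top three bits of octet 8."""
    top3 = (n >> 61) & 0b111
    if top3 < 0b100:
        return "NCS"        # 0xx: reserved, NCS backward compatibility
    if top3 < 0b110:
        return "RFC 4122"   # 10x: the layout RFC 4122 specifies
    if top3 == 0b110:
        return "Microsoft"  # 110: reserved, Microsoft backward compatibility
    return "future"         # 111: reserved for future definition


def inspect_uuid(text: str) -> dict:
    """Report the structural fields of a UUID given in its string form."""
    n = uuid.UUID(text).int    # octet 0 is the most significant byte
    version = (n >> 76) & 0xF  # high nibble of octet 6
    variant = variant_name(n)
    is_nil = n == 0            # the nil UUID is the one all-zero special case
    well_formed = is_nil or (
        variant == "RFC 4122" and version in RFC4122_VERSIONS
    )
    return {"variant": variant, "version": version,
            "nil": is_nil, "well_formed": well_formed}


# Constructed samples, except the v1 value taken from RFC 4122 itself.
SAMPLES = [
    "00000000-0000-0000-0000-00000000002a",  # 'fake' GUID: integer 42, zero fill
    "00000000-0000-0000-0000-000000000000",  # nil UUID
    "f81d4fae-7dec-11d0-a765-00a0c91e6bf6",  # version 1 example from RFC 4122
    str(uuid.uuid4()),                       # freshly generated random UUID
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, inspect_uuid(sample))
```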


Starting to look at NUnit

I want to implement some unit tests for the servicemanager service. Not particularly necessary for something this small, but I want to get a look at NUnit and this little service exists in part as an excuse to try some new technologies out on a small scale.

I’ve been using the Microsoft test facilities at work lately and have not been overly impressed. I’m hoping that NUnit will serve better and it runs under the professional rather than enterprise version of the tools.

I’m a bit torn on the dependency injection front. I have components that use system facilities (SCM, registry and such)…in fact most of what this little service does leans that way. Adding in half-baked mock-ups of SCM and registry classes for injection purposes doesn’t make me happy but building limited capability wrappers that expose only what I need now so that I can intercept things doesn’t make much sense either.

I’m still finding my happy place on the DI/Unit test front it seems.

Full unit test of happy and unhappy path with robust, broad based DI looks to me to add two to three times the amount of work that was required to implement the baseline component. Low fidelity mocks leave the code with half-baked unit tests as mock failures either hide deficiencies or generate their own set of phantom errors. Still hunting a state of grace on this front.

Adding support assembly to ServiceManagerService

I’m pulling much of the existing guts of the service manager service out into a separate assembly. I’m expecting this to make for a cleaner design and make testing of the various components easier.

Currently building out the configuration retrieval component. Not expecting this to be a thing of beauty at this point, but should be serviceable and make it easier to build the active part of the service code to always respond to the current state of things.

Once this is done I’ll have to build out a service access and state management component to effect the requested changes.

The real challenge will follow as I need to add a Wix installer to create an MSI to get this onto other systems.

Web UI will likely wait for a later time. It needs to be self-hosted but I’m still not sure what the right toolkit is. I also should figure out how to secure it as this will have full access to some very sensitive items.

Sandbox work and GitHub

Added a menu page under ‘The Sandbox’ menu that points to my GitHub page and provides a quick list of projects that I’m hosting there (just one as yet).

I’ve got a number of other toy projects to play with as time permits. Lots to do and interesting possibilities touching a broad range of technologies. At the moment, work is far more software management than software implementation so I’m looking to keep the fire burning here in the sandbox…

I’ll be updating that set of notes to reflect activity on GitHub as things progress. Hopefully by this time next year there will be a good sized list of interesting projects up there.