I put this project down for a long time to work on other stuff (nothing of interest to the slashdot crowd; you'd have to go to the forum site for people who clean out their rain gutters and remove old asbestos from their houses).

When I returned, I used the PXE boot / install method to install Debian Woody 3.0 on the compact flash. This is a vast improvement. I think that the Debian installation and package tools make it much easier to install a minimal system, and the file system errors have disappeared. I think my problem was similar to a RedHat problem I had on another machine, where the fs was not cleanly unmounted by the distro.

I've been building iptables to make it a real gateway, and will post more info in the next week about this.

Of course, I wanted to try OpenBSD, but they do not support PXE booting, so no love there. I read on Openbrick.com that the way to install OBSD is to get a laptop hard disk, install on a laptop, then transfer the disk to your appliance. What is this, the Dark Ages? Also, pf is not quite up to snuff yet. It works well for some projects at work that just need to keep out everything, but some of the advanced features of iptables are not there yet. I will revisit OpenBSD in a few months and see how it's working, the priv separation and systrace jails make it ideal for security.

No disrespect to the OBSD developers, I just think that embedded devices are where it's at. When a shmoe like me can build a better DVD player than Toshiba with cheap hardware and free software, we may soon see imaginative people from outside the consumer electronics field with some great ideas that Sony would not build. As embedded devices become more common it would be good to see security up front (instead of as a clumsily executed afterthought like the rest of the computer industry). Feel free to call me an ungrateful bastard; I am just trying to sum up why the software won't work for me at this point.

So, Linux it is for now. I am looking into security for the device with systrace, or some other sort of process jail to keep the device from being compromised.

Finally, I just got my rebate check for the Viking CF card I bought from amazon. Final cost: 512MB for $149. The price is lower now, see here.

Anybody seen this with Compact Flash and Linux? Using either ext2 or ext3 I get some weird errors on the Compact Flash partition that is mounted read-write.

Every so often after and init 6 or init 0 the system needs to fsck'd, saying that there are errors on the filesystem. I switched the /usr filesystem to read-only and the errors stopped. I am working on getting /var into a ramfs, and /tmp -> /var/tmp, which should obviate the need for read-write partitions from the CF.

But, this filesystem corruption is worrisome, as I will have to remount rw to update the software or kernel.

Then again, I seem to remember problems like this on RedHat on my regular old Intel machine, and some sort of fix I put in place to make sure it cleanly unmounted at init 6 or 0. I should learn to keep better docs.

I installed RedHat 7.2 on my little firewall, to no avail. GRUB is having some sort of memory addressing breakdown, because I have 512MB RAM and it says "Error 28" implying that it cannot figure out how to fit a linux kernel into RAM.

Well, tonight I will give it a go with LILO and see if that is better.

The problem could also be that I am loading the kernel and / from compact flash. Using the RedHat installer I got the system down to 301 MB (I have a 512 MB CF), but I can whittle away at it later. I will also build he tiniest kernel I can for the installation.

Next experiment is to fit the whole thing into a DiskOnChip module (I bought 32MB, why not have some fun?).

The Realtek LAN is set up in the firmware to boot across the network, since this little guy has no floppy or CD.

Added: Power consumption. It consumes 10 watts of power. According to my meter, it costs .09 USD / day. When powered off, it uses 1 watt. The motherboard claims to have a time on/off capability I can set in the BIOS, and I also want to try wake-on-lan so that internal users can wake it up by connecting to the network.

How did that happen?

Maybe I should start indicating my Friends here. I probably will not call anyone a Foe, because I like that "you play your cards close to the vest" description of myself that ./ provides.

Also, I don't want to make disagreements here personal, and finally, by announcing myself as someone's Foe, I will possibly alter the behaviour of a user whose antics give me good laughs.

Received a cool kit today. It's a Lex Light System. Not mini-itx (instead of 170mm X 170mm, it is more rectangular, but same area), but it's tiny with a via chipset, via eden CPU at 533MHz, and a sleek metal case. Other stuff not found on mini-itx boards: 3 X 10/100 ethernet that can be disabled with jumpers, Compact Flash slot, and DiskOnChip socket. Also, 12V DC power in.

I ordered it from Synertron Technologies, the CA office of Bona Computech from Taiwan. Talk to Eric Lin, or send mail to info@synertrontech.com. Just don't freak out when they say they only take checks; they're legit, and sent me my system quickly once it was in stock.

Plan: Build a firewall for home network, using 32MB diskonchip for boot, 512MB DIMM, and 512 CF for logs and the rest. Maybe I'll use a RAM disk for logs and just gpgmail 'em to myself.

The hope: quiet, low-power like a cable modem, no moving parts, and nobody in the house has to remember to turn it on to get to the Internet.

I'll post progress here as I get the rest of the parts and start to work on it. DiskOnChip 32MB module should be here tomorrow, and RAM should be here today.

The Eden CPU has a fan on it. VIA says that the 533 can run fanless, so I may remove it since I do not plan to overclock or run multimedia on the thing.