The rcorder keywords in /etc/rc.d/sshd normally look like this:

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

Change the rcorder keywords like so:

# PROVIDE: sshd
# REQUIRE: NETWORKING cleanvar
# BEFORE: mountcritremote
# KEYWORD: shutdown

Now sshd will be started right after the network has been configured.

Note that starting sshd before certain parts of the system are ready might give you temporary or permanent errors. For example, starting sshd before the user home directories are mounted might cause problems with logins. However, if your machine has all critical filesystems on local disks, making these changes should not pose any problems, and will allow you to log in while the rc scripts are still running, giving you the opportunity to fix any misbehaving services.

Setting bash as the default shell for the root user however has a big downside: if you ever break bash or any of the libraries it depends on, you can’t log in as root anymore to fix it. I’ve tried quite a few ways to work around this, and I think I’ve finally figured out a good solution: leave the root shell as /bin/sh, and add this snippet at the end of /root/.profile:

[ -z "$BASH" ] && /usr/local/bin/bash -c 'true' && exec /usr/local/bin/bash

This will start bash, but only if the shell sourcing .profile isn’t bash, and bash can actually successfully be executed.

In FreeBSD 9, ash has apparently grown command name completion. Together with the editing functions (already available in FreeBSD 7), this might allow me to switch to ash as the default shell.

Spurned on by the arrival of an iPad, I finally sat down and worked through configuring CUPS and avahi. So I don’t have to go through all the fiddling again, here’s a recipe of what I did.

Fortunately, ppp(8) offers a configuration parameter to influence the IP addresses negotiated with the peer (ifaddr), and suggesting a different address will make the configuration work.

If you get this log output from ppp, you need to configure address selection:

IPCP: deflink: RecvConfigAck(4) state = Req-Sent
IPCP:  IPADDR[6] 10.68.235.57
IPCP:  PRIDNS[6] 193.189.244.197
IPCP:  SECDNS[6] 193.189.244.205
IPCP: deflink: State change Req-Sent --> Ack-Rcvd
IPCP: deflink: RecvConfigReq(47) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: SendConfigAck(47) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: State change Ack-Rcvd --> Opened
IPCP: deflink: LayerUp.
IPCP: myaddr 10.68.235.57 hisaddr = 0.0.0.0
Warning: iface add: ioctl(SIOCAIFADDR, 10.68.235.57 -> 0.0.0.0): Destination address required
Error: ipcp_InterfaceUp: unable to set ip address

Here’s my complete ppp.conf, with the ifaddr line included:

u3g:
	set device /dev/cuaU0.0
	set speed 115200
	set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
	set authname internet
	set authkey  internet
	set log local phase ipcp
	set dial "ABORT BUSY TIMEOUT 2 \
		\"\" \
		AT OK-AT-OK \
		AT+CFUN=1 OK-AT-OK \
		AT+CMEE=2 OK-AT-OK \
		AT+CSQ OK \
		AT+CGDCONT=1,\\\"IP\\\",\\\"internet\\\" OK \
		AT+CGACT? OK-AT-OK \
		AT+CGATT? OK \
		AT+CGCLASS? OK \
		AT+COPS? OK \
		ATD*99***1# CONNECT"
	set crtscts on
	nat enable yes
	add default HISADDR
	disable dns

This applies to both 7-stable and 8-stable (with both the old and the new USB stacks). I’ve used u3g(4) on both occasions. The original ppp.conf for 3G modems is based off this one from Nick Hibma.

This is how it looks like when using ifaddr:

IPCP:  PRIDNS[6] 10.11.12.13
IPCP:  SECDNS[6] 10.11.12.14
IPCP:  PRINBNS[6] 10.11.12.13
IPCP: MS NBNS req 130 - NAK??
IPCP:  SECNBNS[6] 10.11.12.14
IPCP: MS NBNS req 132 - NAK??
IPCP: deflink: SendConfigReq(2) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.1
IPCP:  COMPPROTO[6] 16 VJ slots with slot compression
IPCP: deflink: RecvConfigReq(50) state = Req-Sent
IPCP:   [EMPTY]
IPCP: deflink: SendConfigNak(50) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.2
IPCP: deflink: RecvConfigRej(2) state = Req-Sent
IPCP:  COMPPROTO[6] 16 VJ slots with slot compression
IPCP: deflink: SendConfigReq(3) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.1
IPCP: deflink: RecvConfigNak(3) state = Req-Sent
IPCP:  IPADDR[6] 10.42.237.110
IPCP:  IPADDR[6] changing address: 10.0.0.1  --> 10.42.237.110
IPCP: deflink: SendConfigReq(4) state = Req-Sent
IPCP:  IPADDR[6] 10.42.237.110
IPCP: deflink: RecvConfigAck(4) state = Req-Sent
IPCP:  IPADDR[6] 10.42.237.110
IPCP: deflink: State change Req-Sent --> Ack-Rcvd
IPCP: deflink: RecvConfigReq(51) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: SendConfigAck(51) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: State change Ack-Rcvd --> Opened
IPCP: deflink: LayerUp.
IPCP: myaddr 10.42.237.110 hisaddr = 10.0.0.2
PPP ON freebsd-current>

Slashdot post, linked Slate article, nice overview page.

A couple of things that are buried in the pages linked above, but which helped me to get up to speed:

• CSS rules:

<style>
@font-face {
    font-family: "testing";
    src: url("output.ttf") format("truetype");
}
</style>
<!--[if IE]>
    <style>
    @font-face {
        font-family: "testing";
        src: url("output.eot");
    }
    </style>
<![endif]-->
<div style="font-family: testing">
Hello, Multiple Browser World!
</div>

• Fonts available free of charge or under free licenses
• Utility to convert TTF into EOT files (should be available as a FreeBSD port as www/ttf2eot shortly)

Now I just need to quickly build a WordPress and a MediaWiki template, and we’re all set