Security and Usability

Posted by Administrator in Slashdot, Technology on November 3, 2005

ewuehler writes “I don’t think I’ve ever heard a security application, be it a consumer anti-virus application or an enterprise IPS application, described as “user-friendly” or “easy to use”. When I read the title of the O’Reilly book Security and Usability: Designing Secure Systems That People Can Use, I took the bait and requested a copy for review. The title could also double as my current job description, so I was equally interested from a “job education” point of view. The book is a collection of (mostly) academic articles, grouped in sections and chapters. Each article/chapter is written by different authors; from Bruce Tognazzini who founded Apple’s Human Interface Group to Blake Ross of Firefox fame to names previously unknown to me. Read on for ewuehlers’ review.

Originally by samzenpus from Slashdot: IT on November 2, 2005, 2:24pm

No Comments

Vista To Get Symlinks?

Posted by Administrator in Slashdot, Technology on November 2, 2005

TheRealSlimShady writes “According to a post by Ward Ralston on the Windows server team’s weblog, Vista server is to get symlinks as part of the SMB2 protocol.” From the post: “In Vista/Longhorn server, the file system (NTFS) will start supporting a new filesystem object (examples of existing filesystem objects are files, folders etc.). This new object is a symbolic link. Think of a symbolic link as a pointer to another file system object (it can be a file, folder, shortcut or another symbolic link).”

Originally by Zonk from Slashdot: IT on October 31, 2005, 5:36am

No Comments

Asterisk + VoicePulse – Part 1

Posted by Administrator in Communications, Technology on November 1, 2005

WARNING
This can get complicated! Although a basic configuration using Asterisk is easy to copy, once you start developing your own PBX extensions you’ll find it can get tricky quick. I’d recommend everyone read: A guide to VoIP and Asterisk for more details on the language and concepts.

The other day, I helped one of our clients setup a Vonage VoIP phone. The process was so simple, and the quality / service seemed terrific. I’ve always been interested in VoIP, but I wanted more functionality then a just another phone line. Since I already have a cell phone it didn’t make much sense to buy another phone for my home. After doing some research I found Asterisk an open-source PBX application which lets you do just about anything with an incoming / outgoing phone call. From my initial investigation it sounded like this was exactly the application I was looking for. Cell phones are a way of life now, but a traditional home phone is still very convenient.

Voice Pulse offers a special service called CONNECT! They allow you to connect your PBX to the PSTN (Publicly Switched Telephone Network) without much hassle. They also offer a set of Asterisk configuration samples to work from. Their website admin tool is very helpful as well; you can create new phone numbers instantly, all for just $11 per month!

The setup process has been fairly easy. I’ve setup the configuration using a soft phone, and I can route incoming / outgoing calls perfectly. Although I have not finished configuring additional services like voicemail / 3-way calling / etc all of these seem to be build into Asterisk.

The next setup is to connect my normal phones into the PBX. A soft phone is neat, but the point of this process is to setup a traditional home phone as well. Asterisk has a close relationship with the hardware vender Digium. I decided to test my initial setup using an IAXy, which is a little blue box that connects to the PBX automatically. This is very similar to the Vonage phone solutions you would buy at the store, except much more cut down.

So far so good, although I have much more testing to do, this is a prefect combination! Asterisk is for any tech-savvy uber-geek who is looking to get more out of VoIP.

No Comments

Oracle To Offer A Free Database

Posted by Administrator in Slashdot, Technology on November 1, 2005

An anonymous reader writes “ZDNet News reports that Oracle is likely to announce a free version of its Oracle 10g Database. Oracle Database 10g Express Edition will be free for development and production use, and could even be distributed with other products. What does this mean for the future of MySQL and PostgreSQL?” From the article: “By introducing a free entry-level product, Oracle intends to get more developers and students familiar with its namesake database, Mendelsohn said. Those customers, Oracle hopes, will eventually upgrade to a higher-end version.”

Originally by Zonk from Slashdot: IT on October 31, 2005, 7:29am

No Comments

How The NSA Secures Computers

Posted by Administrator in Slashdot, Technology on November 1, 2005

An Anonymous Reader wrote to mention an NSA site covering secure configuration guidelines for a number of operating systems. From the site: “NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA’s work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA’s customers the best possible security options in the most widely employed products.”

Originally by Zonk from Slashdot: IT on October 30, 2005, 3:10am

No Comments

The Definitive Guide to MySQL 5

Posted by Administrator in Slashdot, Technology on November 1, 2005

jsuda writes “The Definitive Guide to MYSQL 3rd Edition certainly deserves its title. It is a large, dense, complete guide to MySQL and updates its predecessor edition by covering new MySQL5 and new auxiliary software including database administration tools and interfaces. MySQL is the open-source database software which has become very popular for web-based database applications now being used by Yahoo, NASA, Slashdot, and other entities. Read on for the rest of Jsudas’ review

Originally by samzenpus from Slashdot: IT on October 31, 2005, 2:40pm

No Comments

Fully Automated IM Worms on the Way?

Posted by Administrator in Slashdot, Technology on November 1, 2005

nanycow writes “The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks. Researchers say the stage is set for a worm writer to use an unpatched buffer overflow in an IM app to unleash a worm that is capable of infecting millions or users without the use of malicious URLs that require a click.”

Originally by CmdrTaco from Slashdot: IT on November 1, 2005, 9:38am

No Comments

HotSpot Solution NoCat

Posted by Administrator in Operating Systems, Software, Technology on October 26, 2005

After evaluating a number of products I found NoCat to be the best open source solution for building hot spots. We aren’t an ISP, but we often host seminars where techie clients need Internet access. To effectively isolate that traffic from our network we created a separate link off our head-end router, and connected it to a vanilla PC running NoCat + Redhat 9.0. Another advantage is advertising; we wanted to let everyone know who is providing this great service. NoCat lets you force users to read a disclaimer before they can access the Internet. This helps protect us legally, and ensures clients will see our logo every day.

SPECS
Compaq Desktop
300MHz 64MB RAM
10GB Hard Drive
2 x Netgear FA311 NIC’s

INSTALL
Before installing NoCat we setup a DHCP server on the router. It turns out the installation for the DHCP server was more complicated then the hotspot! The process was very smooth and refined. These guys make it easy to quickly bring up a hotspot. The configuration was created automatically during installation. Because we run a cluster of access points we decided to just run two network cards, and do basically routing on the machine, if you only want one access point you can configure it with a wireless network card. We then connected three access point to a switch network behind the new “hotspot router� and everything worked prefect. As always we created some basic scripts to automatically start the services after a reboot and manage the servers log files since this was going to be an unmanaged solution.

TESTING
It worked exactly as expected. We configured the software to store users MAC addresses for 24 hours. Afterward the user would be forced to reread our splash page. The solution has been running for a full year now, and we’ve had no complaints.

CONCLUSION
We’d recommend this solution to anyone who is looking to launch a hotspot. The process is simple from beginning to end. All you need to do is install a vanilla version of your favorite Linux distribution, setup DHCP, setup NoCat, and your up and running. From the initial installation to launch the setup only took a few hours.

No Comments

CentOS 4.1 64-bit + CPanel

Posted by Administrator in Operating Systems, Software, Technology on October 18, 2005

After a horrible experience using Windows XP 64-bit, I decided to give Linux a chance to prove 64-bit technology is mature enough for production use. The server is going to be doing a “minimal� installation which should keep things fairly simple. However we’re going to install a copy of CPanel to continue to test control panels. This should add a little complexity to an otherwise vanilla installation.

INSTALL OS
The installation process is the same as it has always been. Things went very smooth, and it automatically dedicated my 3ware RAID controller. I am very happy with 3ware controllers because of their extensive support in Linux. For the most part we’ve standardized our office on 3ware for our RAID controller needs.

INSTALL CPANEL
Now things are starting to get interesting. According to the CPanel’s website they completely support 64-bit CentOS 4.1. Right…

FAIL
Support and work-out-of-the-box are two completely different things. It turns out there are a number of issues between dependences which cause specific pages from working in 64-bit. The only solution at this point is to remove the RPM’s which conflict and move on without them. The simple fix worked and we’re back in business. The RPM which conflicts was something which we didn’t need anyway… Stupid eh?

TESTING
Now that we have it up and running everything seems extremely quick! We’ve added a group of test domains to the server to get an idea how it will hold up on a mild load. Everything seems to work perfectly. We’ve used only small personal sites to test, but for the most part everything has been smooth sailing once we fixed the 64-bit RPM issue.

SUMMARY
It’s my opinion that Linux + 64-bit is here. Obviously some software has some catching up to do, but for a most the simple tasks a Linux server does 64-bit is a viable solution. With the prices on AMD64 chips fairly low it makes a great value server. I would recommend one of these chips to anyone looking for a high performance server, but unable to afford the traditional Xeon-class chips.

1 Comment

Log File UNIX Commands

Posted by Administrator in Operating Systems, Technology on October 17, 2005

One of the biggest parts of my job is managing website log files. Our business is very “marketing-centric�, so missing log file data isn’t expectable. There have been a few situations were log files have been split or broken. Below are three nice little commands which have helped tremendously.

Removes all log files with no data
find /home/httpd/logs -size 0 -type f -print0 | xargs -0 rm –f
This is a simple little command which helps keep things neat and organized. Once files rotate I’ve found a bunch of empty files on the folder. This really confuses some of the marketing people.

Converts log files extention into logical month.
for i in `dir /home/httpd/logs/*-access_log.1|sed s/\.1$//`; do mv $i.1 $i.feb; done
A little more complicated. Again, the overall goal here is to make the log files more friendly for marketing people connecting into the FTP server. I am converting the *.1 extension file created by the log rotate into *.month. I use this single line to change the extension on 300+ files. Works fantastic!

Combines log files with extentions .1.1 -> .1 and creates a new logical month.
for i in `dir /home/httpd/logs/*-access_log.1|sed s/\.1$//`; do cat $i.1.1 $i.1 >$i.mar; done
Here is the big daddy. One month because of a mistake the log files rotated mid-month. This would have been a nightmare to manually concatenate each file. This script above takes the files and combines them. Try to do this in windows!

For the most part I’ve learned to hate access logs. They are a big, always changes, difficult to backup, and from a technical perspective somewhat useless. These little few commands above however make life a little easier.

1 Comment