Archive for March, 2006

When to upgrade?

March 27th, 2006 by Sjan Evardsson

I have a minor (or possibly major) problem with my favorite Java IDE, . It seems that even though version 5.5 Q-build has been promoted to Build 1, I still have issues with using version 4.

I was much more comfortable with the workings of version 3 and earlier, where setting up projects and working within projects seemed much simpler. I still find myself frustrated with version 4 and the need to explicitly import the libraries I routinely use. With version 3 and earlier I imported those libraries generically for all projects. I still haven’t figured out how to do that in version 4 or 5. So now that the world is moving on what am I to do? I guess I will just have to upgrade and bite the bullet.

Comment Spam

March 24th, 2006 by Sjan Evardsson

While not usually on the top of the list of dangerous attacks, blog comment spam is a serious annoyance if nothing else. I just watched half a dozen spam comments pop up in the span of 30 seconds. Nice work by the bot, but a total pain in my rear.

So, I removed the spam comments and added the “magic word” pyBlosxom plugin available here. This is not perfect, but it should at least deter automated bots from generating comments.

A more serious type of comment spam was mentiond by Ted Leung – where a spammer uses the comment field to insert an entire email message including headers, which most comment mailers will simply pass through the open SMTP connection where the mail server will blithely parse and send out the message based on the headers contained. Ted’s workaround involves wrapping any To: From: and Subject: in the comment body in html tags so it will still display, but will be illegal as SMTP commands.

Once again, the arms race continues, but by taking the simplest methods of correction, we leave ourselves in a better position to later add more and different kinds of protection against attacks that (maybe) haven’t been invented yet.

Community built VMs for VMWare Player

March 22nd, 2006 by Sjan Evardsson

For those who are unaware, offers the free VMWare player. It’s an ok way to bridge the gap between not having any virtualization and a full-blown VMWare Workstation. There are only a limited number of pre-built Virtual Machines for VMWare player from the VMWare site, however.

There are instructions online on how to install a new OS in VMWare Player, but of course that means that you can’t install VMWare Tools.

The better solution (for the short term) is to allow those who have a full VMWare Workstation installed to create virtual machines for use in the player. Riding to the rescue on this front is vmwarez.com – a site that offers prebuilt virtual machines of Open Source OSes for use in VMWare Player. And I see that there are finally some community built machines showing up on the VMWare site now, as well.

I would, however, still recommend getting VMWare Workstation as soon as you can. It is more than worth it!

Why PostgreSQL

March 18th, 2006 by Sjan Evardsson

This article about answers the five most common excuses people give for not trying PostgreSQL, or for sticking with their proprietary RDBMS (such as Oracle or SQL Server).

Similicio.us bookmarklet version 2

March 14th, 2006 by Sjan Evardsson

Nothing all that exciting, just made a version of the bookmarklet that opens the result in a new window.

Here they both are:
Search similicio.us
Search similicio.us in a new window

Teaching security

March 13th, 2006 by Sjan Evardsson

I read a rather sad article on this morning about China’s Construction Bank servers being hacked and conducting phishing scams. In many of the comments I see users being blamed for being stupid, and one poster even refered to the majority of American internet users as “a bunch of mouth breathing, knuckle-dragging morons.” This kind of attitude only continues the “class war,” if you will, between IT and users. When you spout off with elitist comments you will be seen as elitist. (Imagine that.)

I submit that the majority of users are not stupid (or even “mouth-breathing, knuckle-dragging morons”), but are uneducated in the field of IT security. I am not advocating teaching every user every aspect of security (firewall construction to net monitoring, packet filtering to reverse-engineering malware), but the simple parts that directly affect them. How to tell a legitimate email from their bank/paypal/ebay/etc from a phishing scam. How to use antivirus and anti-spyware programs and keep them up date. How to make sure they are getting the proper updates for their OS and programs.

Some of it may seem like common sense to someone in the IT field, but that only comes after you have learned it. It is too easy to forget that once we, too, were ignorant of these things and they had to be learned. None of us were born with an instinctive knowledge of how to check the source code of an html email and see that the links go somewhere other than where they appear to, or how to install and configure an antivirus program, or any of the rest. The trick is to pass the knowledge on to users in such a way that it becomes common sense to them as well.

Syntax highlighting with nano

March 10th, 2006 by Sjan Evardsson

Ok, I will be the first to admit that this is nothing new, however I just found out it about today! It seems that all this time I have been using for my default linux editor, completely unaware that it has the capacity for syntax highlighting. (DOH!)

It seems that with a simple file you can set the highlighting colors for just about any kind of file. I found a very good example at http://osx.hyperjeff.net/MyApps/nanorc, although the Python highlighting he has uncommented has a mal-formed regex in the first line. (I just deleted that one and uncommented the one above and it works great.)

There are two examples at the bottom of the page at http://article.gmane.org/gmane.linux.gentoo.user.german/9565 – the page is in German but the .nanorc files are there. The first is for use with a black screen, the second for use with a white screen. (The hint here is don’t use black on a black screen or brightwhite on a white screen, and brightyellow is unreadable on a white screen as well.)

There are enough examples to get you started, and it shouldn’t be too difficult to come up with your own color schemes that fit the way you work best.

Mozilla / Firefox bookmarklet for similicio.us

March 8th, 2006 by Sjan Evardsson

If you haven’t yet heard, there is a nifty new site, , that helps you find sites similar to what you are currently looking at. As the site author puts it:

This is a mashup of del.icio.us and easyutil.com. It’s an experiment on my part to see whether I can quickly find relevant web sites based on people’s tags/bookmarks on del.icio.us, using the engine from easyutil.com. It answers the question “people who tagged this site also tagged what other sites”. I am using it mostly to find blogs that are similar to the ones I read, and to find new popular web sites that are in my area.

To make things easier I have created a Mozilla / Firefox bookmarklet. To add this just click and drag the link below to your bookmark bar.

Search similicio.us

Spamming for script-kiddies

March 6th, 2006 by Sjan Evardsson

Well, this has got to be the most annoying piece of spam I have received recently. It seems that now even the crack-scripting community is using spam to advertise their “services.” I have included a copy of the email – the more disturbing items I have emphasized in bold. The email:

From: noreply-52@ww-nn.web-hack.ru
Bcc:
Return-Path: noreply-52@ww-nn.web-hack.ru
X-OriginalArrivalTime: 06 Mar 2006 13:36:47.0450 (UTC)
FILETIME=410ABA0:01C64123]
Date: 6 Mar 2006 04:36:47 -0900
Dear Sir/Madam, Hello!
We are internet hackers crew – Web-hack. We propose you for sale some interesting things: – private exploits – http://forum.web-hack.ru – stolen credit cards and bank accounts – http://forum.web-hack.ru – we infect users pc’s with your trojan for low prices (10000 infected pc’s for 25$) – http://forum.web-hack.ru – bulletproof domains and hosting – http://forum.web-hack.ru Best offer – bulletproof domain + hosting =0 usd/week. You can use this hosting for any scam/fraud and nobody will close it! For more information look at – http://forum.web-hack.ru P.S. We are registering bulletproof domains on our partner site http://www.r01.ru/ there we have “our” people to guarantee stability of our domains and hosting so any organization like spamhaus.org cannot down our hosting and domains. We are now spaming 5 000 000 people look out the domain is alive as always and never gonna be down !! Please go and order our services at: http://forum.web-hack.ru Msg-ID: 12543

Whois:

forum.web-hack.ru
ww-nn.web-hack.ru

217.107.217.167
217.107.217.168

OrgName: RIPE Network Coordination Centre
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
Comment:
RegDate:
Updated: 2004-12-13
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 217.0.0.0 – 217.255.255.255
CIDR: 217.0.0.0/8
NetName: 217-RIPE
NetHandle: NET-217-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2000-06-05
Updated: 2005-07-27

# ARIN WHOIS database, last updated 2006-03-05 19:10
# Enter ? for additional hints on searching ARIN’s WHOIS database.

www.r01.ru

195.24.65.17

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.

% Information related to ‘195.24.64.0 – 195.24.71.255′

inetnum: 195.24.64.0 – 195.24.71.255
netname: PARKLINE-1
descr: Garant-Park-Telecom
descr: Science Park, MSU
descr: Lebedeva St., Leninskie Gory
descr: Moscow 119899, Russia
country: RU
admin-c: PAN-RIPE
tech-c: PAN-RIPE
status: ASSIGNED PI
mnt-by: PAN1-RIPE-MNT
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: PAN1-RIPE-MNT
source: RIPE # Filtered

person: Alexander V Panov
address: MSU, Science Park, Garant-Park-Telecom
address: Moscow
address: Russia
remarks: phone: +7 095 7898207
phone: +7 495 7898207
remarks: fax-no: +7 095 9308800
fax-no: +7 495 9308800
e-mail: panov@parkline.ru
nic-hdl: PAN-RIPE
mnt-by: PAN1-RIPE-MNT
source: RIPE # Filtered
remarks: modified for Russian phone area changes

% Information related to ‘195.24.64.0/21AS25537′

route: 195.24.64.0/21
descr: Garant-Park Telecom Block 3
descr: Science Park, Moscow State University
descr: Lenin’s Hills, Moscow, Russia
origin: AS25537
mnt-by: PAN1-RIPE-MNT
source: RIPE # Filtered

Definitely ones to watch for in your log files.

Test of gtk+ installer: VMWare 2, Gentoo 0

March 3rd, 2006 by Sjan Evardsson

Well, I tried the gtk+ based graphical installer on a VMWare virtual machine. I am sad to say it failed painfully – and did so after many hours of emerging and compiling. Part of the problem was in the fact that I had selected to install enlightenment, fluxbox and blackbox (to play around with some different wm’s I hadn’t messed with previously) and the installer chose to install those and gnome and kde. Needless to say, it was many hours to go. Thankfully (?) after about 4 hours the installer failed on some ebuild or other (I don’t recall what it was right now) and that was that.

I tried it again. With the exact same results. The definition of insanity: doing the same thing over and over and expecting different results. So, now I have a working VMWare install of Gentoo 2006.0 using the minimal install disk and am building enlightenment, fluxbox and blackbox the “older fashioned” Gentoo way – via a simple emerge call.

Final score: VMWare: 2, Gentoo Graphical Installer: 0, Gentoo minimal installer: The winner by default.