Posts

Showing posts from 2004

General check-up

As Raulzito would say,

"I just did a check-up on the situation,
which led me to reread Alice no País das Maravilhas".

Or rather, Alice in Wonderland, richly illustrated.

I don't know whether Raul was tripping on mystical things about this book. The only thing I know is that Wonderland is a surreal and illogical universe, which is why acid eaters and users of other hallucinogenic drugs treated this book with great affection. :)

I'll try to read this thing and see if anything interesting comes up.

Solution for Web admin interface for cups in Ubuntu not working

I had trouble making the web interface in Ubuntu 4.10 work.

Whatever I set in cupsd.conf, I had an access denied message:

Unauthorized
Administrative commands are disabled in the web interface for
security reasons. Please use the GNOME CUPS manager (Computer > System
configuration > Printing).

In /var/log/auth.log the following message appeared:

Dez 17 13:05:34 localhost cupsd: (pam_unix) authentication failure; logname=
uid=0 euid=0 tty= ruser= rhost= user=nictuku

Also, in /var/log/cups/error_log I had:

E [17/Dec/2004:13:05:50 -0200] IsAuthorized: pam_authenticate() returned 7
(Authentication failure)!

The solution is quite simple. Just change the /etc/cups/cupsd.conf and set the daemon user to root: Put "User root" in the file. Then restart cupsys.

Obviously this is a security no-no, but one should have the freedom to do whatever he wants, right? :)

Seriously, Ubuntu disabled that for a reason. It's bad to log in as root using plain http authentication. In some c…

SP2 popup protection and MSN toolbar broken

IE's executioner, better known as Liu Die Yu, of malware.com, has once again broken one of IE's "security" features.

This time it was SP2's popup protection. In the same blow, the MSN toolbar's protection also stopped working.

The flaw was published a short while ago on bugtraq, with a link to the test: http://www.malware.com/flopup.html

What a great bunch. Liu Die Yu is a famous Chinese security researcher who has already discovered dozens(!!) of flaws in IE. Many of them he has not even made public, waiting until he lands a decent job and gets paid for what he does.

See Mr. Liu's naive but powerful résumé, a bit out of date:

http://umbrella.name/people/liu.dieyu/

Very curious! Not long ago he was asking for a computer, because he didn't even have one to work on: http://seclists.org/lists/isn/2003/Nov/0073.html

A guy to admire!

Suri, a Spamvertised URIs filter using SURBL

I am making a pair of Postfix (and related) tools in Perl that could be useful for some people, in some cases.

One is a "SURBL" technique filter to be plugged into amavis, that will check for spamvertised URIs against a "SURBL" server. It acts as an antivirus, checking the content of the message. If it's configured for denial, it could lead to false positives, if the SURBL list in use is not very precise.

It was written based on a qpsmtpd plugin developed by Devin Carraway.

The other, which is in early stages of development, has the same objective, but is supposed to be used as a transparent (or not) SMTP proxy for postfix. Messages will be filtered and content will be DENIED in real time, so the sender will know the message was not delivered. Spammers don't care about smtp error codes, and real senders will be notified of the error.

I am aware that using transparent proxy is a bad idea in very loaded servers, so I am making different tools for …
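
The SURBL check described in this post, as an added Python example (not the Perl tool announced here, nor Devin Carraway's plugin): it extracts URI hosts from a message body, reduces each to the name queried under multi.surbl.org, and skips a local exception list to limit false positives. The two-level TLD set, the exception list, the sample message and the zone answers are constructed assumptions; a real deployment needs a full suffix list.

```python
import re
import socket
SURBL_ZONE = "multi.surbl.org"      # SURBL's combined public zone
TWO_LEVEL = {"com.br", "co.uk"}     # assumption: tiny stand-in for a full two-level TLD list
EXEMPT = {"debian.org"}             # hypothetical local exception list
URI_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def lookup_key(host):  # reduce a URI host to the name queried in the zone
    host = host.lower().strip(".")
    if IPV4_RE.match(host):         # IP hosts are queried with octets reversed
        return ".".join(reversed(host.split(".")))
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])

def dns_resolver(name):  # live lookup: A record as a string, or None if not listed
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_uris(body, resolver=dns_resolver, exempt=EXEMPT):
    """Return {key: answer} for each URI host in body that the zone lists."""
    hits = {}
    for host in URI_RE.findall(body):
        key = lookup_key(host)
        if key in exempt or key in hits:
            continue
        answer = resolver(f"{key}.{SURBL_ZONE}")
        if answer and answer.startswith("127."):  # a 127.0.0.x answer means listed
            hits[key] = answer
    return hits

# Constructed message body and constructed zone data, so the example runs offline.
SAMPLE_BODY = """Cheap pills: http://www.spamvertised.example/buy?id=1
Mirror: http://203.0.113.7/p
List archive: http://lists.debian.org/debian-user/"""
FAKE_ZONE = {
    "spamvertised.example.multi.surbl.org": "127.0.0.2",
    "7.113.0.203.multi.surbl.org": "127.0.0.4",
    "debian.org.multi.surbl.org": "127.0.0.2",  # listed here, but locally exempt
}

def demo():
    return listed_uris(SAMPLE_BODY, resolver=FAKE_ZONE.get)

if __name__ == "__main__":
    print(demo())
```

Calling `listed_uris` without a `resolver` argument queries DNS for real through `socket.gethostbyname`.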

Wikipedia daily articles: pills of knowledge

I subscribed a few weeks ago to the Wikipedia daily articles list.

It's a nice way to relax and have a good read, while gathering the courage to read all those bugtraq or postfix-users messages.

Fedora Core with Mysql 4

David Martínez was kind enough to put up a repository of MySQL 4 and further dependencies compiled for FC2.

http://dmnet.bitacoras.com/index.php?tb=2680

You may get the files directly from:

http://yum.garsan.ws/fedora/2/RPMS/RPMS.dmnet/

These packages fixed a very ugly behaviour I was getting with my mixed MySQL libs.
Every time I ran a perl with a MySQL DBI, it ended with Segmentation Fault.
Now it's fine. Thanks David!

Another GMAIL INVITATION - gmail account

Follow this:

http://gmail.google.com/gmail/a-b9d1889ed4-aace3ad7cc-09d816d535

Everybody deserves a GMAIL account!

There were errors

Weeee. Blogger couldn't publish anything for several hours.

001 java.net.ConnectException: Connection timed out

It still can't.

To my usual thousands of daily readers, I can only apologize.

Please stop commenting on every post. I can't read all your comments!

Domain hijackers

While testing for a better layout for the Google ad you see on the left, I got interested in one very evil service.

They call it Expired Domains Traffic. Most of the time they are a disservice to internet users, but I'm linking to them for public interest.

The idea is quite simple. They have a bot searching for the expiration of domains. When a domain expires, they buy it, and then make it redirect the traffic to their customers' sites.

What's the point there? Let them explain it:

About "Expired DomTraffic" Every day 1000s of previously registered domains expire, because the owner did not extend domain registration. If the owner does not pay the annual fee, the domain registrar will put the name on hold. With most registrars, an "on hold" domain stops working. Most registrars allow an additional grace period of 30-90 days for the domain owner to pay the annual fee. During this period, the registrar will generally contact the domain owner many ti…

Dedicated Servers

I've started researching dedicated servers, looking for good prices and interesting service.

The first I knew about was ServerMatrix. They have a nice site, the company is big (a subsidiary of The Planet) and the service seems fine. They even publish a live cam picture of their data center. Quite impressive.

The problem is their prices were raised lately. There was a no-setup promotional fee for one of the server options, and that is gone. Also, I believe they removed the cheapest server option. Finally, even the setup fee is now USD199.00. AFAIR, it used to be USD149.

Then I found HiVelocity. I believe it was in either a Google banner, or a simple Google search link. As I was looking for a cheap server, the one that fit was 2.0 GHz Celeron with 1000gb metered bandwidth.

What impressed me was their very good use of PHP Live. I've talked to a sales person there, Drew Adams, who was a very competent guy at his job. It's obvious that sales team is very important, b…

Another Antispam Solution, or anti-spam solution

The amount of spam targeted to our servers is huge.

Sometimes, as much as 80% of e-mail that would be delivered to the servers is either spam or virus.

Dealing with that is part of my job, as the mail system admin. It's interesting, because it's challenging and results are fast and noticeable, if you apply the right techniques.

In our servers, we have some very old mail boxes that are in ALL spam lists. So we have a very worthy tool in our hands. We can use these accounts as tests for current tools and use them to train whatever other tool we'll be deploying.

In the last few days, I've been developing a new antispam solution that would be amazingly easy to manage and would give us dozens of possibilities on what to do with the information generated by the logs.

In a usual mail content scanning solution, even if it's as powerful as DSPAM, you can't be sure whether you will have false positives, so you can't use that for black listing sources or whatever.

This tech…

Free Gmail Invitation

I have some spare Gmail invitations.
Follow this link. If you're lucky, you will get yourself a gmail account.
https://gmail.google.com/gmail/a-b9d1889ed4-28255a707f-0b189e69c9

Fedora Legacy is not that good

I needed updated squid packages last week for the security issue with ntlm_auth. That was several days after the bug was disclosed.

They didn't have that ready.

Just please notice that I am talking about the Fedora Legacy here, not Fedora Core.

Anyway, I am still to see a distro that makes patches and publishes them as fast as Debian.

Mixed Debian with crappy libc

There is something crappy with my libc development files.
As I was forced to use backported versions of Debian packages (something I won't recommend to anyone), I had some terrible problems that urged me to migrate to Fedora.

There have been security updates in the last 2 or three kernel versions, and I am not able to easily upgrade due to compile-time errors.

After a make:

CC arch/i386/kernel/process.o
arch/i386/kernel/process.c:505: parse error before `*'
arch/i386/kernel/process.c:506: warning: return-type defaults to `int'
arch/i386/kernel/process.c:506: conflicting types for `__switch_to'
include/asm/system.h:13: previous declaration of `__switch_to'
arch/i386/kernel/process.c: In function `__switch_to':
arch/i386/kernel/process.c:576: warning: return from incompatible pointer type
make[1]: *** [arch/i386/kernel/process.o] Error 1
make: *** [arch/i386/kernel] Error 2


This is bad. I couldn't find the cause, although I didn't have tim…

LPI certificate is not what I expected.

Last Friday I got my LPIC Level 1.

They sent the certificate itself, an id card asserting "John Doe" is a certified LPIC Level 1 professional and an ad from linux-magazine.com.

The certificate paper is cheap, too thin IMO. I thought Canada was the land of wood and paper :) Good quality paper shouldn't be so expensive there. And I paid 200 hundred dollars for that.

Also, it's bad propaganda since it says I have a "Level 1" cert in big capitalized words. The unaware will underestimate my knowledge hehe.

Fedora Legacy is great

I just installed RH9, as required by the customer, and wondered if I would have problems with lack of official support and updates from Red Hat.

Thankfully, the Fedora Legacy project provides updates to RH9. It just takes a few commands, and it's all set.

:)
www.fedoralegacy.org

Anti Spam Solution

A good anti-spam solution must have at least two approaches:

An RBL check, and a learning tool of some sort.

When deploying an RBL check solution, one must note that the lists should be picked carefully, since they could block ham too.

It is also important to implement exception lists, in order to ignore some key entries in the lists (murphy.debian.org, for example).

About the learning tool, this will be the topic for a future post.

How to interpret vmstat output

vmstat is a wonderful tool, whose output is a bit cryptic for the faint of heart.



Proc
---
r: Processes actually running, waiting for some attention from the CPU
b: Uninterruptible sleeping processes (I have yet to discover what this means)

Memory:
---
swpd: Virtual memory usage (swap areas are listed in /proc/swaps)
free: Idle memory
buff: Memory used as buffers, like before/after IO operations, I guess
cache: Memory used as cache.

Swap:
---
si: Memory swapped in from the disk
so: Memory swapped to the disk

IO:
---
bi: Blocks received from block device (like a hard disk)
bo: Blocks sent to a block device

System:
---
in: The number of interrupts per second, including the clock.
cs: The number of context switches per second.

CPU:
---
us: Time spent running non-kernel code. (user time, including nice time)
sy: Time spent running kernel code. (system time - network, IO interrupts, etc)
id: Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time.
wa: Time spent waiting …

The power of hdparm

This shows the power of a well set hard disk controller:

BEFORE:
johnny:~# hdparm -tT /dev/hda

/dev/hda:
Timing buffer-cache reads: 128 MB in 0.58 seconds =220.69 MB/sec
Timing buffered disk reads: 64 MB in 8.89 seconds = 7.20 MB/sec

AFTER:
/dev/hda:
Timing buffer-cache reads: 128 MB in 0.60 seconds =212.66 MB/sec
Timing buffered disk reads: 64 MB in 1.57 seconds = 40.72 MB/sec

PS: The second test was made while the machine was in production. So the benchmark is underrated.