Posts

Showing posts from 2005

Stats

Finally, an easy-to-use and friendly stats engine for my blog... Thanks to http://www.sitemeter.com/ . See my stats here .

Gift Idea!

Image
I really need this shower notepad ! No kiddin'. ;-)

Hoax?

What is a hoax? The sound you make when you sneeze? Nah... It is a false rumor. You probaly receive e-mails saying, for example, that a little boy in a foreign country will earn 5 c ents every time you forward this e-mail... Or that a new virus has been announced by Microsoft? Those are not true, but forwarded by people who just don't know how to check. There is nothing good with these e-mail messages and their only consequences are losses of time for a lot of people. Please don't forward these e-mails before checking if the information they contain is real and true. But how to do that? I'll give you the means today. You need to know if a message is real or a hoax? Go see HoaxBuster (french) this other site . Anti-virus vendors also have such sections on their website ( Mcafee and Symantec ) You want to be aware of virus trends? Every anti-virus vendor has a database of viruses ( Mcafee , Symantec , Kaspersky ). Microsoft is not (as of today) an anti-virus vendo...

Basic tips for free security

Computer security is important for everyone. People often underestimate the cost of computer labour and think that when they buy a computer, there will be no other costs other than the purchase cost. Wrong! But you can easily reduce the risk of needing computer specialists' services with a few tips (there is no cost associated with those). Short version: get AVG anti-virus , free edition, and MS Anti-Spyware . Long version: Get a free anti-virus. I recommend AVG, Free Edition . Not really because it is the best... I haven't tested them all. However, it is the one I've been using at home for a long while and I'm pretty satisfied with it. It is also easier for me to help anyone who's using the same software as I use. Note: AVG Free Edition can not be used in a business context. It is only allowed for personal use at home. Please respect licences. WinClam is an open-source virus-scanner Get a free anti-malware program. If you have a legal copy of Windows...

Phishing

You don't know what phishing is? Well, it is basically a fraud attempt using e-mail messages. It is usually a malicious person who impersonates a big corporation, usually banks, or online services like eBay or Paypal, and ask you to go to some site and enter your credentials (username/password/card #) for whatever reason. What people usually don't know is that it is easy to make a link that leads somewhere else than what it says. For example, it is easy for me to make a link to one website, and make it look like another. For example: www.patatebleue.com links to google. So here are the rules... Banks never communicate with their clients by e-mail. Watch out for typos. Phising are usually full of mistakes. You should never be prompted by e-mail to "refresh" your password. Businesses don't deactivate their client's account just for the fun of it. Think about it: Customers are of value for a business, why close accounts? Also, most business gather informa...

Firefox 1.5 is here, with cool extensions!

Good news, the new Firefox is out! I tried it out and it has been reviewed many times already. I suggest you upgrade, unless you really need one extension that is not 1.5-ready yet. It has a few improvements over 1.0.x, such as: Automatic updates Faster browsing Drag-n-drop re-ordering of tabs Better pop-up blocking You can report sites that are not Firefox-friendly directly in Firefox Many others I also found many cool extensions thanks to this article . Go there and get cool extensions! What about security ? Well, Firefox 1.5 just got its first security alert . Critical? Nah... far from that. However, that doesn't mean Firefox is 100% secure. But the automatic update feature, it is getting close. It is a lot better than Internet Explorer, since Internet Explorer has roots in the Windows operating system, and Firefox doesn't. This means that a vulnerability in Internet Explorer can typically be more critical than a similar one in Firefox. But, I really believe th...

msncheck.41m dot com

Hi, I reported suspicious activities on this website recently msncheck dot 41m dot com to the SANS institute. They were offering to let people know who blocked them on MSN. But that required that you enter your MSN credentials (e-mail address/password). Do you remember you should never give your password to anyone? I must admit they looked fair and honest since they were recommending you to change your password before and after, so that they don't know your real password. But the thing is: do you have an idea of how much e-mail addresses they can harvest this way? That is an easy way to build a list of addresses to send spam or phishing... Now the site is down, but I don't know if my report has anything to do with it... I'll ask.

Greylisting

Hi, Just begun playing around with GreyListing. It is another anti-spam technique. Simply said, what it does is: It is based on tuplets (sender, recipient, originating IP). The first time a server receives a message of one specific tuplet, it says to the originating server : I don't accept your message now, please come back a bit later. Real e-mail servers usually respect this and retry a few (typically 15) minutes later. When the server retries, the delays don't apply and the message is accepted. Then, the tuplet is added to a database (held in memory, dumped once in a while on disk), so that this tuplet is not subject to greylisting (delays) for a given period Spambots, zombie infected computers don't retry, so a lot of spam is denied just there, no more processing is needed. The benefits are two-fold There is less spam in the users' mailboxes There is less load on mail servers. Effectively, most servers use anti-spam software that uses a lot of resources (ne...

Spam

Hi, Just got a spam in comments. I get an e-mail everytime there is a comment and I delete it if it is a spam right away, so spammers: don't waste your time.

m0n0wall gets a span port option!

Thanks to some people on the m0n0wall mailing list (Edward Mzj), who worked hard to add new features, it is now possible fot m0n0 to use an interface as a span port (also called 'mirror port'). A span port is usually used for packet sniffing and, more importantly, for Intrusion detection system usage. With a span port, all the traffic going through interfaces is 'copied' to the span interface so it can be sniffed by another computer. I'll finally be able to run an IDS at home without buying an (overkill) smart or manageable switch! Thanks guys!

APC (American Power Conversion)

For those who don't know, APC is a well-known manufacturer of power-protection equipement, such as UPSs and Surge protectors. An UPS is like a surge protector (protects your equpment from "too much electricity" (spikes, surges), but it has a battery pack that protect equipment in case of drop of voltage (brownout) or power outages. I had to deal with APC support yesterday. In fact, I was a troubleshooting an issue for about une week by e-mail and I called them yesterday. Here is my opinion about APC: 1- They make very good hardware, although I think that Powerware is offering UPSs that have more features (their 9000-serie). 2- I love their live support on their web site. It is probably the thing that makes me buy APC. I can chat directly with a sales rep before buying. 3- I don't like their software. I use Apcupsd on my Linux servers, for a reason. APC's software, PowerChute, will not install on a Linux server without having X installed. I don't instal...

Google Adsense

I'm trying Google Adsense. Feel free to click on links in the white box.

Other Linux Distro?

So, I don't really like Fedora Core 4 up to now. Very slow and a little too buggy. Still haven't found out how to get my second monitor to work, but I'd already like to try another linux distribution. I downloaded the Debian Netinstall iso and Ubuntu DVD. I tried the live-cd part of Ubuntu. Nice, sleek, full of packages available easily, including proprietary software (Wow... Acrobat Reader 7). It seems to be more stable than Fedora, but I only tried it live for about 30 minutes. I wonder if I should backup my Fedora installation before replacing it by Ubuntu. Or maybe Debian? I'm still not sure. I'd like to have something that just works. I can sometimes hate Windows, but Windows XP on my laptop just works and is stable. I just hope Linux on the desktop could be like it is on my servers. But is a different game. On servers, I run no graphical interface and no complex (or new) hardware. The setup on my servers are a lot more simple than what I want it...

Fedora Core 4 on my laptop

I had a bit of spare time at the office this week, so I decided to install (definitevely) linux on my laptop. I decided to go with Fedora Core 4, as I'm more familiar with Red Hat . I managed to get to a fully functionnal setup within a few days. The only thing I haven't worked out yet is getting my external display to work. I have a 17" external monitor which adds a little of workspace. I replaced Outlook with Evolution and its Exchange connector. I was already using Firefox for internet browsing and Thunderbird for my personal e-mail and newsgroups (via Gmane ). XMMS instead of Winamp and all other little gadgets (archive manager, etc.) have their equivalents on Linux. I bought Driverloader to be able to use Windows driver for my integrated wireless network card. All of this works pretty well. I do have a few complaint, though. It is slow. Slower than Windows :(. And I have stability problems. Of course, Fedora is bleeding edge, but... Evolution tends to crash (Ev...

MailScanner + Postfix on debian, install guide

I recently installed MailScanner on the linux.ca, a Debian server. It wasnt' too hard and I decided to write a guide on debian-administration.org . By the same token, people will be able to comment on it, so that it can be improved and corrected if necessary.

m0n0wall

Image
After trying unsuccessfully to get a decent commercial firewall, I discovered m0n0wall, which is open/free, and based on freeBSD. The stable version is very good, and the development version adds even more features. There is also another young product, called pfsense, that adds very interesting features (WAN load balancing, firewall failover, etc... and uses PF instead of IPFilter). To me, the strenghts of m0n0 are its simplicity, robustness, and the ability to do complex firewall rules in a simple manner (bridging, NAT, filtered routing). It also supports an (almost) unlimited # of interface, pptp + ipsec VPN. m0n0wall is made to be used primarely on WRAP boards and Soekris. See the complete feature set here . It can run off a hard disk drive, but a more interesting setup is with a flash card of a bootable cd/floppy (the floppy is for saving the settings). Using a WRAP board, it is possible to have a very good firewall appliance for about 150$. Links: m0n0wall PFSense WRAP Soekris

Writing? Yes!

Looks like a magazine might be interested in an article from me ! :). It'd be a technical article related to MailScanner aimed at an intermediate-advanced audience. In fact it will be an article describing how to install MailScanner and its friends on a linux server. If I have enough space, I'll try to cover Redhat, Debian and FreeBSD. I must have the article ready for the 15th of Sep. So I guess it should be published in October. Well, gotta start working on it now :). If you'd be interested in proofreading, please let me know... ugob at linux dot ca

Guitar

How come I forgot to talk about music... I try playing guitar as often as I can. It is really relaxing and helps me forget about the day's stress. I even started composing a couple of years ago... The result is quite good and I probably have about 10 compos up to now. The problem is that I'm a better composer than player. By this I mean that my compos are often a little too complex for me to play them perfectly. Maybe if I end up buying a classical it would fit my style (a lot of fingerpicking) better. For now I have an acoustic guitar and an elecric bass: The acoustic is a Jasmine (can't remember model). Jasmine is the lower-end brand of Takamine. The electric bass is a hand-made MF. I'd love to be able to eventually put all those songs on a CD. I'll probably give it out. I lack time for practicing and playing with other musicians. I think that my music is good, but it would be even better with a little piano (or other instrument) and maybe some percussion around i...

Timesheet.php

Timesheet.php is a php-mysql based package that allows me to maintain how I spend my consulting time. I can easily create invoices based on the info I put in Timesheet. You can create different clients and tasks, so it is easy to create reports.

Dokuwiki

Dokuwiki is a very nice wiki that is easy to install and is aimed at documentation. I like it because there is no database backend, only text files. Si it is very easy to maintain, backup, migrate, upgrade... and it has a very nice index page. I use it for many clients and for my own documentation. I suggested using this wiki for the new documentation site for MailScanner, and, well, you can see at http://wiki.mailscanner.info. Dokuwiki is available for download here .

Unison keeps directories in sync

Image
I started using Unison today. It was the missing part of my backup strategy. My backup strategy is to have mondorescue run on each of my linux servers once a day. This creates one or more .iso files that can be burned directly to a cd, which would be bootable. Therefore, even if the system is not bootable, you can still restore with this cd. You can also use mondo directly and restore from the .iso file. Once the .iso is created locally on the server, I use rsync to transfer it to a repository, where I store all my backups on a removable IDE drive. I have 2 drives like that, and I wanted to be able to bring one home every weekend, to make sure we don't loose data in case of a fire. I didn't need Unison just for that. The thing is that this server is also a repository for Symantec Ghost images, and I wanted to always have the most recent images on the hard drive. The solution? Well, I tried a simple tar, but that lasts 30 minutes. Unison recognizes which files has changed and co...

My lizard, Pod

Image
Pod is now a little more than one year old. He's a Chinese Water Dragon. Some think that it is rather silly to have a lizard as a pet. What do you do with a lizard? -some say. Well, I'd love to have a dog, but I think it wouldn't have the attention and care it deserves. I always liked reptiles, so I bought a lizard. It is very simple to maintain. When I went to Virginia for a cycling camp in my last vacation, I left him with a few crickets in this terrarium and he was in a top shape when I came back. Of course, it is not very demonstrative, but you can guess by its behavior when it is unhappy. You can see more pictures here .

MailScanner & al

Have I talked about MailScanner and its friends yet? Well, I guess I should. E-mail security has been my favourite topic in computing since I discovered MailScanner, which is an e-mail security package allowing one to filter spam, viruses, dangerous content, phishing attacks in an efficient, secure and robust way. It works with many other products (SpamAssassin, DCC, Pyzor, Razor, DNSBL for spam, up to 12 anti-virus engines, phpListAdmin, MailWatch, mailscanner-mrtg and Vispan for management/reporting) to provide a very complete solution. I also maintain a web page for the Most Asked Questions about MailScanner. I currently manage a MailScanner server here at home, one at my employer's premises, 3 for an e-mail security firm ( Lastspam ) and 9 for another one ( FSL ). Ah, and I'll probably install it on the primary mail server for linux.ca . FSL has worked very hard to develop SMGateway, which includes MailScanner and all the packages I just mentionned, with a very nice web i...

Live Help!

I finally installed Crafty Syntax Live Help on my production server. This package is used to provide a way to support people on your web site directly, with a chat session. I've known this program for a while, but I didn't want to install it untill I had time to translate it in french. Yes, my mother tongue is french. I've worked 3 days on the translation this week and I expect it to be finished before the end of next week. I suggest you try it and send a donation (or help me with the translation!).

VoIP

I just began reading about VoIP as I might have to implement a system soon. I kind of dream of setting up an Asterisk server, probably using the asterisk@home project (apparently based on CentOS!). I also discovered a very nice site about VoIP . I have many choice... Regular Telco lines, Meridian system, A mix of IP/Telco lines, or an Asterisk server with either only an IP connection a (DID, i think), Telco lines, or a mix. I've been shopping around and up to now the most responsive business is Netfone . If anyone has recommendations for me, please let me know.

Sysadmin Day

Don't forget the Sysadmin Day on the last friday of July. This year it is on the 29th of July.

MySQL replication

I have to do MySQL database replication at work. I just tested it on VMWare virtual machines and it works very well. With the help of this article : , I did it easily and quickly. To synchronise the database, I just did a regular dump to text file from phpmyadmin, then restored it on the servers through phpmyadmin again.

Tao Linux -> CentOS

I've been using Tao Linux (a clone of Red Hat Enterprise Linux) for a while and I just switched my home server to CentOS, which seems to offer better support. I'll probably make a donation soon. CentOS web site

Linux.ca

Hey, looks like it is coming to life! I'm a member of the CLUE (Canadian Linux Users Exchange). It provides its members with an alias, which I use for one of my e-mail addresses. They only have one server and when it goes down, we don't get our e-mails. So I offered my server as a backup mail server, that was almost one year ago. We finally did all that was needed this week and we're testing right now. Now linux.ca users benefit from mail server redundancy, but also from the MailScanner I've got on this server. Virus and Spam are not welcome anymore :). If all goes fine, I'll install MailScanner + friends on the main server next week. Know what? I think I found the problem with my keyboard. No more excuses allowed for typos!

Writing?

Yesteday, I sent a few e-mails to magazine editors. I'd like to see MailScanner discussed and mentionned a bit more. I might end up writing an article myself, how exciting ! :) Know what? I think my keyboard is dying.

Mountain Biking

Started mountain biking last week-end. Very nice sport, though a little dangerous. It is getting hot in here, summer seems to have finally managed to reach our part of the word :).

Virginia!

Image
I just came back for one week in West Virginia. I went there to relax and to ride my bike. In fact, it's a cycling training camp organized by Marc Dufour, from Groupe Centrifuge . The weather has been good all week, although a bit cold. But I'd rather have cool temperature than swet at 30 Celsius! We rode almost 700 Km in 9 days, but it was just hills. No flat for more thant 200 meters. The surroundings are delicious and people out there are so nice. BTW, Tori Amos wrote a very nice song called Virginia, on her Scarlett's Walk album.

First Post

Hey, this is my first post. Will come back later to add more...