Thursday, January 31

Inbox Zero

Merlin Mann, the author of 43folders.com, gave this talk at Google about Inbox Zero, or processing your email. I suggest checking it out.



 Subscribe in a reader


AT&T Wireless Data Outage

Originally posted here.

Thanks to all of you who have written in. We have seen the articles that say that AT&T is having a wireless data outage.

We have heard from multiple sources on the issue, and it seems to be limited to certain regions of the US (Central and Southeast primarily). I am currently in the NE section of the country, writing this entry on my AT&T 3G wireless card, so I know it's working here (plus my iPhone and my wife's BlackBerry work fine too).

We have also heard that this problem has been resolved. So everything should be back (if not already) to normal soon.


Tuesday, January 29

So, you want RSS feeds in your inbox?

One thing I liked about the new Mail.app in Leopard was the ability to aggregate not only my email, but RSS feeds right into my inbox, so I could just scroll through and read all my feeds in line with my email.

Well, Mutt doesn't do it natively, and I couldn't find a patch in the 10 seconds I spent Googling for one. However, I did find a nice tool called "rss2email", a program written in Python that takes the RSS feeds you give it, reads them, renders each item as either plaintext or HTML, and sends it to you via whatever SMTP server you want.

It works great and I highly recommend it.  All you have to do to automate it is to cron it.  Done.
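As an added example (not rss2email's code, and not part of the original post), here is the feed-to-mail step written in Python over a constructed feed; the feed, the example.invalid host and the local sender and recipient addresses are all assumptions. Beyond what the post says, it shows the check worth making before cron runs this unattended: each item is delivered as plaintext, so HTML supplied by a feed (the sample includes a script tag) never reaches the mail client as markup, and a set of already-seen GUIDs keeps a second run from mailing the same item again.

```python
"""Added example (not rss2email's own code): the feed-to-mail step the post
describes, run offline over a constructed feed. Items are rendered as
plaintext and a set of seen GUIDs keeps a re-run from mailing an item twice."""
import html
import re
import xml.etree.ElementTree as ET
from email.message import EmailMessage

# Constructed sample feed; example.invalid is a reserved name, nothing is fetched.
# The first item carries HTML, including a <script>, to show why plaintext is
# the safer rendering when the reader is a mail client.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example Feed</title>
<item><title>Post one</title><link>http://example.invalid/1</link>
<guid>tag:example.invalid,2008:1</guid>
<description>&lt;p&gt;Hello &lt;b&gt;world&lt;/b&gt;&lt;/p&gt;&lt;script&gt;alert(1)&lt;/script&gt;</description>
</item>
<item><title>Post two</title><link>http://example.invalid/2</link>
<guid>tag:example.invalid,2008:2</guid>
<description>Plain &amp; simple</description>
</item>
</channel></rss>"""

TAG_RE = re.compile(r"<[^>]+>")


def html_to_text(fragment: str) -> str:
    """Crude HTML-to-text: drop tags, decode entities, collapse whitespace.
    Tags are removed rather than passed through, so nothing from the feed is
    ever handed to the mail client as markup."""
    text = html.unescape(TAG_RE.sub(" ", fragment))
    return re.sub(r"\s+", " ", text).strip()


def parse_items(feed_xml: str) -> list:
    """Pull title/link/guid/description out of an RSS 2.0 document.
    Feeds are untrusted input; a production fetcher should prefer defusedxml."""
    root = ET.fromstring(feed_xml)
    feed_title = (root.findtext("channel/title") or "").strip()
    items = []
    for item in root.iter("item"):
        def field(tag: str) -> str:
            return (item.findtext(tag) or "").strip()
        items.append({
            "feed": feed_title,
            "guid": field("guid") or field("link"),   # fall back to the link when no guid
            "title": field("title"),
            "link": field("link"),
            "body": html_to_text(field("description")),
        })
    return items


def feed_to_messages(feed_xml: str, seen: set, sender: str, recipient: str) -> list:
    """Build one text/plain message per item not yet in `seen`; `seen` is the
    state a cron job would persist between runs (rss2email keeps its own)."""
    messages = []
    for it in parse_items(feed_xml):
        if it["guid"] in seen:
            continue
        seen.add(it["guid"])
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = recipient
        msg["Subject"] = f"[{it['feed']}] {it['title']}"
        msg.set_content(f"{it['body']}\n\n{it['link']}\n")
        messages.append(msg)
    # Delivery is the one step left out here: smtplib.SMTP(host).send_message(msg)
    return messages


if __name__ == "__main__":
    for m in feed_to_messages(SAMPLE_FEED, set(), "feeds@localhost", "me@localhost"):
        print(m["Subject"], "->", m.get_content().splitlines()[0])
```

Run from cron as the post suggests, the `seen` set would be loaded from and written back to a file on each run; that file is the only state the job needs.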


Jobs named "most powerful person in business"

We all know by now that I admire Steve Jobs for his taste and vision.

This morning Fortune published an article (via cnn.com) that named Steve Jobs the most "powerful person in business".

Quote: "That's five industries that Jobs has upended - computers, Hollywood, music, retailing, and wireless phones. At this moment, no one has more influence over a broader swath of business than Jobs."

There's also a related article expanding on the point.


Back to my Mac

I've posted on Back to my Mac before. Basically the theory was "I think this will be cool, and I'll use it". Turns out that after I got it, I couldn't get it to work. I had a Linksys router, a nice one too, one of the top-of-the-line B/G models (well, top of the line when it came out). I read lots of forums on Apple.com saying that you need to enable "UPnP" on the router, and this and that, and do you have port mapping for these ports? Open this. Poke a hole here. Yuck.

Well, this past Friday I got rid of the Linksys router. I called up my ISP and got some directions for how to switch routers (some ISPs basically have the equivalent of port security on, so you can't change your router; my ISP in Georgia was like this). Turns out all I had to do was either have them reset my modem on my end, or simply unplug the coax for about 10 minutes while the MAC addresses cleared. It was faster to have them reset it, so the nice lady did.

I've had my AirPort Extreme Base Station for a while now, but only used it for my Macs in order to get full speed between them. As I said in this post, I got rid of the Linksys as my gateway and just put the Apple base station there instead. (Technically the title of that article is wrong, as I didn't get a "new router". I just moved it.)

Well, today was my first day back to work, and more importantly the first time I'd thought to test Back to my Mac from an external connection. Guess what.

I plugged my AT&T 3G wireless cell card into my laptop when I got to work, and lo and behold -- Back to my Mac worked! There were all the computers I have here at the house, right in my "Sources" list in Finder. I could connect to them remotely, get files off the disks, use Spotlight on their drives, and even grab hold of the screen using "Share Screen" and control my Macs remotely, just as advertised!

The best part? It was actually fast. I did notice a bit of latency here and there, especially with complex animations (the Dock magnification and such). But otherwise the refresh and display of the apps remotely was fast, and even better, it was usable!

So, for those of you who have problems getting Back to My Mac to work with third-party routers, I have no advice for you. But my advice officially is... buy an Apple base station to use as your gateway. Better yet, wait for Time Capsule to come out; that way you have a backup drive on your network too. Good luck!


Monday, January 28

MacWorld

Since during this year's MacWorld I was at our corporate annual kickoff event sitting in presentations, I had not yet gotten the opportunity to watch the keynote Steve Jobs gave at the event.

So, when my wife fell asleep on the couch this evening, I decided I'd go ahead and watch it in HD. So I did. I did notice a couple of things, though. First off, I noticed Steve Jobs make about four mistakes in his presentation (and no, I was not counting), such as saying "Tiger" when he actually meant "Leopard", and other minor slips like that. It makes me realize that even if you are arguably one of the best presenters alive right now, you too can make mistakes.

However, there is one thing that I did notice. At one point in the beginning, when he is introducing the "Time Capsule" product, he walks in front of a screenshot of Time Machine up on the screen. In the lower left corner there is a button that isn't normally there in Time Machine. It said "Show only changes in files", or something similar. I went and looked at the Time Machine screenshot (linked above) on the Apple website, and sure enough it's not there.

So my guess is that in 10.5.2, which is due out soon (next week, I am predicting), not only will you have the ability to restore backups of files, but you will also be able to diff and revert to an older version of a file.

Sounds plausible; we shall see.


Sunday, January 27

Microsoft Makes Zero Day Exploit Recommendation: Buy a Mac

Got an alert today via Google, titled "Microsoft Makes Zero Day Exploit Recommendation: Buy a Mac."

I thought that was very interesting, so I followed the link.  The link said:
"Unconfirmed sources report that draft recommendations from Microsoft on how to defeat the Zero Day problems includes buying an Apple iMac Computer. The draft document printed on internal Microsoft letterhead was leaked to Unconfirmed Sources by a member of the Zero Day crisis team that has been working around the clock in Redmond, home of Microsoft."

Read into that what you will.

THIS JUST IN, I DID IT WRONG.  Unconfirmedsources.com is a satirical site.  I was p0wned.  This whole article above is fake.  Thanks to CunningPike and scottder.


Friday, January 25

New Router

In my network I've had two routers. The Linksys was my gateway, and hooked to that was a gigabit switch, which all the machines in my network were connected to. Also attached to that switch was an Apple AirPort Extreme, which all my Apple wireless computers connected to in order to take advantage of the 802.11n features.

Today I eliminated the Linksys router and am now letting the AirPort Extreme manage the gateway and the network (the switch is still there). My network is not only faster (like I can download at ungodly rates, and network transfers are actually as fast as they are supposed to be) but more reliable.

I had no idea that just that small of a change could make such a big difference.


Thursday, January 24

Getting Things Done (GTD), Mutt, and Vim

I've Googled about 100 articles in the past couple of days detailing how people best use Mutt to implement their theory of how GTD works for them. I found a lot of good articles, but many implemented a lot of scripts and extra headers, and tagging... yuck. Way too much!

The point of GTD is to make the world, and your email in particular, work for you, not you work for it. I don't want to have to manually edit an "X-" header every time I want to tag an email with "Defer" or "Reply". I want to just hit a one- or two-keystroke combination and be done with it.
The major point of GTD is to navigate through life more easily and not have a lot of things pending in your mind. Get it out of your mind and onto paper (or whatever) and be done with thinking about it. Just have it in a trusted bucket where you can store stuff.

So I have a different theory. First off, let me preface this by saying that I do not keep my To-Do list and "Next Actions" list in Mutt. I use a Vim outline. This is an excellent way for me to keep up on how things are going with my actions simply by looking at them. I know what needs to be done next, I know what things I am waiting on, all at a glance. This is how I envisioned it.

My contexts are simple:

@home -- All the tasks that could be done at home: cleaning the garage, organizing the basement, getting the taxes together, being an awesome dad. You get the picture.

@work -- All the tasks that could be (should be, have to be) accomplished at work: doing timesheets, filing bug reports, answering email, talking with a coworker about a project.

@waiting -- Stuff I am waiting on someone else for. Do I need to ping them? No, but I regularly review my @waiting list to make sure that people get back to me on items, and if they don't, I make a next action item to ping them back under @work or @home.

@someday -- Someday/Maybe. All the things I'd like to accomplish someday: clean out my closet, finish that Snort paper I've been working on.

@review -- Weekly/daily tasks. This is usually the first thing I check: things I need to do "today". If I need to do something on a particular day, I'll make an appointment in iCal to do it. Nothing goes on the calendar unless it WILL get done that day. The calendar is sacred territory. Then I make a reminder in iCal to alert me. For things I need to accomplish that are next action items in @home or @work, I'll simply say "check @work" in my @review list. Simple.

@phone -- Phone calls I need to make. These can be done anywhere. Whenever I have a chance, I'll make a couple of phone calls. Things rarely go in here because I basically loathe talking on the phone. I'd rather do everything through IRC, IM, or email; I keep records of stuff this way.

That's it. Under the contexts, if I have a particular project I'll indent it. For example (one indent for the project, two for its next actions):

@home
    Clean Garage
        -- Go to Lowe's
        -- Buy Shelves
        -- Assemble Shelves
        -- Make time to clean Garage
        -- Clean Garage

Simple enough. When I indent once, it's a project; any indents under the project are next action items. Now, next to the next action items, I have lines ("--"). Let me define my lines.

-- To do.
++ Cancelled.
\- Done.
-> Deferred or assigned to someone else.
?- Waiting on this.

That's it. No need to get tricky. Now I can easily glance at my list and tell what needs to be done, what has been done, and what I am waiting on.

KISS principle. Keep It Simple, Stupid!

Now, for the other part: email, mutt (or muttng, which I use) and how I have it implemented.

Before I started the GTD philosophy, I used the folder method. You know the one: "All email from Sourcefire goes in the Sourcefire folder." "All email from the snort-users list goes in the snort-users folder." What do you wind up with? A hundred folders! This isn't the most efficient way to do anything, so I had to get away from that. I started thinking, what is the most efficient way of sorting email? I got a hold of a friend of mine, Emory, and asked him what he did (he's a big GTD guy as well), and he gave me a couple of thoughts. So I took his ideas, combined them with a couple of my own, and here we are.

I made 4 folders.

_Read -- Emails I have read.

_Reply -- Emails I need to reply to, but it will take me over 2 minutes to do so. (GTD's philosophy is, if it takes more than 2 minutes to do something, you need to allot some time to do it; if it takes less than 2 minutes, just do it now.)

_Waiting -- Emails whose contents I am waiting on someone else to get back to me about.

_Defer -- Emails I assigned to someone else but need to stay in on until completion (things rarely go here).

I have another folder called "lists" that I already had. Under the folder "lists" I had about 20 subfolders with all the listservers I subscribe to. This was too much for easy sorting.

First thing I did was move all the email from all the subfolders under "lists" and put it in "lists". Of course, I wound up with about 13,000 emails in there, but who cares? It's all in context, and it will make more sense in a second.
Second thing I did was change all my procmail recipes (or rules) to dump everything in "lists" instead of in subfolders of "lists".
Third thing I did was get rid of all the auto-processing rules that sort emails by sender. I had rules in there: if they came from sourcefire.com, put them into a folder called sourcefire; if from apple.com or mac.com, put them in apple. Too much. Put it all in the inbox. Pretty simple so far.

The next thing I did, since I am going to have more email coming into my inbox now, was to find a way to easily process it. I wanted to be able to read an email, mark it, and know exactly where it is. "Hey, that email from Billy-bob, is it in sourcefire? Is it in snort-users? In defer? Where the hell did I put that?" Spotlight on the Mac makes this very nice; however, I am using mutt. So I needed a better way. Finally I came up with my answer: macros. I wanted to be able to mash a key or two and have my email sort automatically after I get done reading it. So I made some muttng macros:

# Esc-<n>: copy the message to the folder, then mark the original for deletion in the Inbox
macro index,pager \e1 "<copy-message>=_Read\ny<delete-message>" "Save Message to _Read"
macro index,pager \e2 "<copy-message>=_Reply\ny<delete-message>" "Save Message to _Reply"
macro index,pager \e3 "<copy-message>=_Waiting\ny<delete-message>" "Save Message to _Waiting"
macro index,pager \e4 "<copy-message>=_Defer\ny<delete-message>" "Save Message to _Defer"
macro index,pager \e5 "<copy-message>=lists\ny<delete-message>" "Save Message to lists"
macro index,pager \e6 "<copy-message>=spam\ny<delete-message>" "Move Message to spam"

Now, when I mash "Esc 1" the email is copied to _Read and marked for deletion in the Inbox. No selecting the folder, no hitting "yes", no hitting enter. I just mash Esc-1. Done.
Same thing with 2, 3, 4, 5, and 6. I don't have to change headers or anything. They are sorted by folder, and I don't have to worry about it. I use the sidebar patch (built into muttng) to see how many emails I have in each folder at a glance. If you use mutt and you don't use the sidebar, I suggest a look. Very handy.

That's it. In my sidebar I have 6 folders. Now my workflow is simple.

Email comes in. Do I need to respond, or assign it to someone else? Yes or no? If yes, will the response take longer than two minutes? If yes, file to _Reply; if no, respond. If I do not need to respond, file to _Read. If I need to assign it to someone else, forward it. If I need to track it, the email goes to _Defer until tracking is done, then it goes to _Read.

All listserv traffic goes to lists. I check this a couple of times a day just to skim through.

The spam folder is for spam (duh). And I get A LOT of spam. Fortunately for me, I have built some really bulletproof spam rules in procmail and they do 95% of the sorting for me. However, every once in a while a real email will get sent to spam (empty subjects, people who write in all caps, people who send me subjects in all caps, or a whole bunch of "!!!!!").

The only other folder that is automatically filed is a folder called "big". All emails with attachments over 3 MB in size go to this folder. This rarely happens, and 100% of the time people will ask me "Hey, I just sent you an email with a bunch of pictures in it, did you get it?" I'll go check big. Done.

I think this system will work for me. Let me know if any of it works out for you.


Getting Things Done (GTD), Mutt, and Vim

I've Googled about 100 articles in the past couple of days detailing how people best use Mutt to implement their theory of how GTD works for them. I found a lot of good articles, but many implemented a lot of scripts and extra headers, and tagging... yuck. Way too much!

The point of GTD is to make the world, and your email in particular, work for you, not you work for it. I don't want to have to manually edit an "X-" header every time I want to tag an email with "Defer" or "Reply". I want to just hit a one- or two-keystroke combination and be done with it.
The major point of GTD is to navigate through life more easily and not have a lot of things pending in your mind. Get it out of your mind and onto paper (or whatever) and be done with thinking about it. Just have it in a trusted bucket where you can store stuff.

So I have a different theory. First off, let me preface this by saying that I do not keep my To-Do list and "Next Actions" list in Mutt. I use a Vim outline. This is an excellent way for me to keep up on how things are going with my actions simply by looking at them. I know what needs to be done next, I know what things I am waiting on, all at a glance. This is how I envisioned it.

My contexts are simple:

@home -- All the tasks that could be done at home: cleaning the garage, organizing the basement, getting the taxes together, being an awesome dad. You get the picture.

@work -- All the tasks that could be (should be, have to be) accomplished at work: doing timesheets, filing bug reports, answering email, talking with a coworker about a project.

@waiting -- Stuff I am waiting on someone else for. Do I need to ping them? No, but I regularly review my @waiting list to make sure that people get back to me on items, and if they don't, I make a next action item to ping them back under @work or @home.

@someday -- Someday/Maybe. All the things I'd like to accomplish someday: clean out my closet, finish that Snort paper I've been working on.

@review -- Weekly/daily tasks. This is usually the first thing I check: things I need to do "today". If I need to do something on a particular day, I'll make an appointment in iCal to do it. Nothing goes on the calendar unless it WILL get done that day. The calendar is sacred territory. Then I make a reminder in iCal to alert me. For things I need to accomplish that are next action items in @home or @work, I'll simply say "check @work" in my @review list. Simple.

@phone -- Phone calls I need to make. These can be done anywhere. Whenever I have a chance, I'll make a couple of phone calls. Things rarely go in here because I basically loathe talking on the phone. I'd rather do everything through IRC, IM, or email; I keep records of stuff this way.

That's it. Under the contexts, if I have a particular project I'll indent it. For example (one indent for the project, two for its next actions):

@home
    Clean Garage
        -- Go to Lowe's
        -- Buy Shelves
        -- Assemble Shelves
        -- Make time to clean Garage
        -- Clean Garage

Simple enough. When I indent once, it's a project; any indents under the project are next action items. Now, next to the next action items, I have lines ("--"). Let me define my lines.

-- To do.
++ Cancelled.
\- Done.
-> Deferred or assigned to someone else.
?- Waiting on this.

That's it. No need to get tricky. Now I can easily glance at my list and tell what needs to be done, what has been done, and what I am waiting on.

KISS principle. Keep It Simple Stupid!
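The outline format and its status markers, described above and in the earlier copy of this post, are simple enough to script. Here is an added example, written for this page rather than taken from the author, that parses such an outline and reports the open next actions and status counts per context; the sample outline and the four-space indentation are assumptions, and a mistyped marker is reported rather than silently becoming a project heading.

```python
"""Added example (not the author's own tooling): a parser for the Vim outline
format the post describes, so the list can be summarised per context. The
outline below is constructed; the marker meanings are the post's."""
from collections import Counter

# Status markers exactly as the post defines them.
MARKERS = {"--": "todo", "++": "cancelled", "\\-": "done", "->": "deferred", "?-": "waiting"}

# Constructed outline: context at column 0, project indented once, actions twice.
SAMPLE_OUTLINE = """\
@home
    Clean Garage
        \\- Go to Lowe's
        \\- Buy Shelves
        -- Assemble Shelves
        ?- Make time to clean Garage
        -- Clean Garage
@work
    Snort paper
        -> Outline sent to a reviewer
        ++ Buy a new printer
        -- Write introduction
@waiting
    Taxes
        ?- W-2 from employer
"""


def parse_outline(text: str) -> dict:
    """Return {context: {project: [(status, action), ...]}}.

    Column 0 must be a @context, the next indent level is a project, and
    anything deeper must start with one of MARKERS; a typo in a marker raises
    rather than silently becoming a project heading."""
    outline, context, project, project_indent = {}, None, None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.expandtabs(4)
        stripped = line.strip()
        if not stripped:
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            if not stripped.startswith("@"):
                raise ValueError(f"line {lineno}: top-level line must be a @context")
            context, project = stripped, None
            outline[context] = {}
        elif context is None:
            raise ValueError(f"line {lineno}: indented line before any @context")
        elif project is None or indent <= project_indent:
            if stripped[:2] in MARKERS:
                raise ValueError(f"line {lineno}: action outside a project")
            project, project_indent = stripped, indent
            outline[context][project] = []
        else:
            mark = stripped[:2]
            if mark not in MARKERS:
                raise ValueError(f"line {lineno}: unknown marker {mark!r}")
            outline[context][project].append((MARKERS[mark], stripped[2:].strip()))
    return outline


def next_actions(outline: dict) -> dict:
    """Open "--" items per context: what the post's @review pass looks for."""
    return {ctx: [a for items in projects.values() for s, a in items if s == "todo"]
            for ctx, projects in outline.items()}


def status_counts(outline: dict) -> dict:
    """How many items are in each state per context, for the at-a-glance view."""
    return {ctx: Counter(s for items in projects.values() for s, _ in items)
            for ctx, projects in outline.items()}


if __name__ == "__main__":
    outline = parse_outline(SAMPLE_OUTLINE)
    for ctx, todo in next_actions(outline).items():
        print(ctx, dict(status_counts(outline)[ctx]), "next:", todo)
```

Pointed at the real outline file, `next_actions` is the "check @work" step of the @review list, and `status_counts` is the glance the post describes.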

Now, for the other part: email, mutt (or muttng, which I use) and how I have it implemented.

Before I started the GTD philosophy, I used the folder method. You know the one: "All email from Sourcefire goes in the Sourcefire folder." "All email from the snort-users list goes in the snort-users folder." What do you wind up with? A hundred folders! This isn't the most efficient way to do anything, so I had to get away from that. I started thinking, what is the most efficient way of sorting email? I got a hold of a friend of mine, Emory, and asked him what he did (he's a big GTD guy as well), and he gave me a couple of thoughts. So I took his ideas, combined them with a couple of my own, and here we are.

I made 3 folders.

Archive -- Emails I have read.

Listservs -- Emails from listservers. I don't read these as often, and all the listserv traffic is put into this folder on the server.

Waiting -- Emails whose contents I am waiting on someone else to get back to me about.

First thing I did was move all the email from all the lists under "Listservs". Of course, I wound up with about 13,000 emails in there, but who cares? It's all in context, and it will make more sense in a second.

Second thing I did was change all my procmail recipes (or rules) to dump everything in "Listservs" instead of in subfolders of "lists".
Third thing I did was get rid of all the auto-processing rules that sort emails by sender. I had rules in there: if they came from sourcefire.com, put them into a folder called sourcefire; if from apple.com or mac.com, put them in apple. Too much. Put it all in the inbox. Pretty simple so far.

The next thing I did, since I am going to have more email coming into my inbox now, was to find a way to easily process it. I wanted to be able to read an email, mark it, and know exactly where it is. "Hey, that email from Billy-bob, is it in sourcefire? Is it in snort-users? In defer? Where the hell did I put that?" Spotlight on the Mac makes this very nice; however, I am using mutt. So I needed a better way. Finally I came up with my answer: macros. I wanted to be able to mash a key or two and have my email sort automatically after I get done reading it. So I made some muttng macros:

# Esc-<n>: copy the message to the folder, then mark the original for deletion in the Inbox
macro index,pager \e1 "<copy-message>=Archive\ny<delete-message>" "Save Message to Archive"
macro index,pager \e2 "<copy-message>=Listservs\ny<delete-message>" "Save Message to Listservs"
macro index,pager \e3 "<copy-message>=Waiting\ny<delete-message>" "Save Message to Waiting"

Now, when I mash "Esc 1" the email is copied to Archive and marked for deletion in the Inbox. No selecting the folder, no hitting "yes", no hitting enter. I just mash Esc-1. Done.

Same thing with 2 and 3. I don't have to change headers or anything. They are sorted by folder, and I don't have to worry about it. I use the sidebar patch (built into muttng) to see how many emails I have in each folder at a glance. If you use mutt and you don't use the sidebar, I suggest a look. Very handy.

That's it. In my sidebar I have 6 folders. Now my workflow is simple.

Email comes in. Do I need to respond, or assign it to someone else? Yes or no? If yes, will the response take longer than two minutes? If yes, file to Archive; if no, respond. If I do not need to respond, file to Archive. If I need to assign it to someone else, forward it. If I need to track it, the email goes to Archive and I create a to-do in OmniFocus to track it until tracking is done.

All listserv traffic goes to Listservs. I check this a couple of times a day just to skim through.

The spam folder is for spam (duh). And I get A LOT of spam. Fortunately for me, I have built some really bulletproof spam rules in procmail and they do 95% of the sorting for me. However, every once in a while a real email will get sent to spam (empty subjects, people who write in all caps, people who send me subjects in all caps, or a whole bunch of "!!!!!").
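The automatic filing described here and in the earlier copy of this post (listserv traffic to its own folder, spam heuristics that misfire on empty or all-caps subjects, and the "big" folder for attachments over 3 MB) lives in the author's procmail recipes, which the post does not show. As an added example that is not the author's code, here are the same rules in Python over constructed messages, with first-match-wins ordering like a procmail file; the header names, the 3 MB threshold in bytes, the rule order and the sample addresses are assumptions. The comment on the listserv rule is the caveat a practitioner would want: List-Id is supplied by the sender, so it cannot be trusted to route anything security-relevant.

```python
"""Added example (not the author's procmail recipes): the automatic filing the
post describes (spam heuristics, listserv traffic, oversized attachments),
rewritten in Python over constructed messages so it runs offline. Folder
names follow the post."""
import email
import email.policy
from email.message import EmailMessage

BIG_BYTES = 3 * 1024 * 1024   # the post's "attachments over 3 MB" rule


def make(from_: str, subject, body: str, attachment: bytes = None, **headers) -> bytes:
    """Build a raw RFC 822 message (constructed test data). Keyword names use
    '_' for '-', so List_Id becomes the List-Id header."""
    m = EmailMessage()
    m["From"] = from_
    m["To"] = "joel@example.invalid"
    if subject is not None:
        m["Subject"] = subject
    for name, value in headers.items():
        m[name.replace("_", "-")] = value
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application", subtype="octet-stream",
                         filename="photos.zip")
    return m.as_bytes()


# Constructed sample mailbox; every address is under the reserved example.invalid.
SAMPLE_MAIL = [
    make("bob@example.invalid", "Lunch?", "Noon at the usual place?"),
    make("snort-users@example.invalid", "[snort-users] rule question", "How do I...",
         List_Id="<snort-users.lists.example.invalid>"),
    make("x@example.invalid", None, "click here"),                    # empty subject
    make("y@example.invalid", "CHEAP WATCHES!!!!!", "limited offer"),  # all caps, !!!!!
    make("mom@example.invalid", "Pictures from the lake", "see attached",
         attachment=b"\0" * (BIG_BYTES + 1)),
]


def looks_like_spam(subject: str) -> bool:
    """The post's own false-positive list, used as the rule: empty subject,
    all-caps subject, or a run of exclamation marks."""
    s = subject.strip()
    return s == "" or s.isupper() or "!!!!" in s


def classify(msg: EmailMessage, size: int) -> str:
    """First matching rule wins, as with procmail recipes in order."""
    subject = str(msg.get("Subject", ""))
    if looks_like_spam(subject):
        return "spam"
    # List-Id / List-Post are sender-supplied: anyone can add them to push a
    # message into the low-attention folder, so never route security-critical
    # mail (alerts, password resets) on these headers alone.
    if msg.get("List-Id") or msg.get("List-Post"):
        return "listservs"
    if size > BIG_BYTES:
        return "big"
    return "inbox"


def sort_mail(raw_msgs) -> dict:
    """Folder -> list of subjects, in arrival order."""
    folders = {}
    for raw in raw_msgs:
        msg = email.message_from_bytes(raw, policy=email.policy.default)
        folders.setdefault(classify(msg, len(raw)), []).append(str(msg.get("Subject", "")))
    return folders


if __name__ == "__main__":
    for folder, subjects in sort_mail(SAMPLE_MAIL).items():
        print(f"{folder:10} {subjects}")
```

The size rule measures the whole encoded message, which is what a delivery agent sees; base64 inflates a 3 MB attachment to roughly 4 MB on the wire, so the threshold is on raw bytes rather than on the decoded attachment.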

I think this system will work for me. Let me know if any of it works out for you.


Tuesday, January 22

Pownce is open to all

It's been a long time in the works now, but Pownce is finally open to the public. Be sure to get an account if you are into the Web 2.0 stuff. (I "kinda" am.)

Add me as a buddy if you go there. JoelEsler is my username.



Mailing lists and "Botnets: How they are getting better"

I am subscribed to a couple dozen security type mailing lists. It's one of the best way for sharing of information. A small list:

Incident list (although, i think this one is dead)
fedtalk (An Apple list for people that work for .gov/.mil)
53L (An army.mil list for people in the computer profession)
botnet list
(various internal Sourcefire lists)

Now, I am a member on several more, however, those I am not at liberty to discuss... so anyway, moving on.

I got an email on one of my lists today detailing a web GUI for managing a botnet. Yes, seriously. You can go to this website (I am assuming it's hacked as well), log in to this website and manage your botnets point & click style!

Remember the days when you could manage your botnets via IRC? Well, if you want to do things the old school way, fine. But we are Web 2.0 now!

This website is great, it allows you to log in, select which targets you want to DDoS (or run other commands as well), and even allows you to pick which bots you want to use to perform the attack! (All? Bots that have a ping time < X?) How handy is this?

In the new age of managing your bots. For fun and profit. Welcome.


Monday, January 21

One of my predictions comes true (supposedly)

While this is seemingly obvious, we've all known Apple not to do things that were obvious.  Anyway...

I predicted that the multitouch trackpad on the MacBook Air will make it into the rest of the laptop line.  AppleInsider says I'm right.


RSS Feeds, all in one place

I've been using Feedburner for quite awhile now to serve up my RSS and Atom feeds for this blog.  It keeps really nice stats and I like how it keeps a good subscriber count, auto-pings all the blog update services, and reformats my blog so that every reader can read it correctly.

So, using mod_rewrite I am sending all the atom.xml and rss.xml subscribers over to Feedburner.  Hopefully this won't cause a lot of headaches.  It certainly makes things easier for me.


Thursday, January 17

Excel 0-day

I've started to notice that a bunch of people are Googling for "Excel 0-day" and getting to my website.  

Yes, there is a new vulnerability out there for Excel.  Called 08-0081.  Well, seeing as how people are interested in it, and I believe in our own VRT, check out the new release of OfficeCat at Snort.org.   


MacWorld, Sales Kickoff, and where I have been

This week I am in Annapolis with all of Sourcefire to hold our annual sales kickoff that we do once a year.  Good times had by all.  I get to hang with everyone, meet all the people that I haven't met yet, and generally have a good time.   We had a big meeting the other day when everyone was in the room together, and I looked around and said to myself...  "Who are all these people!?" So I can only feel how people like Caswell or Baker or Roesch feel.

This is actually the first sales kickoff I've ever had the opportunity to attend.  The first opportunity was when Sourcefire was attempting to be purchased by CHKP.  Not everyone went to that kickoff.  In fact, I think I was working that week, I was in Florida or something.  Anyway...  The next kickoff, I wasn't able to be at either.  Reason being?

My daughter is 1.  Happy Birthday pumpkin.

So, it's good to be with all my friends, put faces with names, and in reverse as well.  People come up to me all the time and say "Oh, you are Joel Esler?"  I don't know whether that's a good or a bad thing.  (Probably bad, famous or infamous.  Fine line.)

So, finally, this week was also MacWorld out in San Fran at the lovely Moscone Center.  Naturally, since most of the people I work with know that I am a big Mac aficionado, I am getting constant questions about "Did you see ____", "What do you think about ____", and "Are you going to buy _____".

So here's my take, a few current thoughts, a few future thoughts.

Steve Jobs said he had 4 things that he wanted to talk about, so we'll bring the 4 up and I'll talk about them in my own colorful way.

1.  Time Capsule -- A wireless (802.11n) access point with either a 500 GB or a 1 TB drive built into it.  This is a great idea.  I will probably be picking one of these up.  I really like the thought of being able to back up my laptop, desktop, and my wife's laptop to one Time Machine enabled drive.  Now, I can do that.  Future?  Apple will eliminate the separate Airport Extreme base station, Time Capsule will become standard, so they will have to rename it.  But they will build another feature into it first.  Not sure what that would be, I'll have to think about it.
2.  iPhone/iPod Touch updates -- The ability to rearrange your main screen icons, create new screens, create button launched web pages (web clips), triangulation with Google Maps, and multi-recipient SMS messaging.  I like this as well.  The ability to rearrange my icons on the screen is nice.  All the apps I use heavily are on my "home row" at the bottom.  Internet apps on one screen, and the apps I don't use very much on another.   All of these are nice touches and I am glad that Apple did it.  Future?  They allowed us separate pages to get ready for the SDK.   People are going to have a ton of apps on these devices soon, so Apple needed a way to make room.
3.  iTunes movie rentals -- Logical.  The ability to rent movies from iTunes (instead of buying them), and furthermore, new AppleTV software so that you are able to rent movies directly from your couch.  Look ma!  I don't even have to get up to go to Blockbuster now!  Future?  This was a logical step, and I really hope it works out for Apple this time.  While the AppleTV in its previous iteration was nice, even I don't have one.  But now, it's an enticing thought.  I don't know what the future holds for this, aside from the ability to purchase more and more movies.  Probably a 1080p refresh in a year or so.
4.  MacBook Air -- Ultrathin laptop.  Enough said.  You've heard about this by now, if you have seen any type of media in the past two days.  Now, this product makes for some really interesting futures discussion.  Future?  This is a test.  A test to see if Apple customers really will be able to handle life without an optical drive.  (And they will.)  Within a year (probably next year's MacWorld), Apple will do away with all optical drives on all their laptops, all the laptops will get thinner, and all of the laptops will get multitouch pads.  Now, as far as the touchpads are concerned, I am beginning to wonder, since we do some simple gesture based stuff in Leopard now (two finger scroll, etc.), will you be able to do this kind of stuff on present MacBooks and MacBook Pros?  Steve hinted at when this technology was coming out: February.  What else is shipping in Feb?  Time Capsule.  The iPhone SDK.  This is largely all controlled by software, in this case Leopard.  Leopard 10.5.2 will be out in February, and it will be a huge update.  I could even see the ability to do multitouch gestures on our present laptops.  I don't think the laptops will get as thin as this one; however, after the axing of the optical drives on the laptops, there is nothing to hold them back from making them smaller.  So, that's my guess.

I think the stuff he introduced on Tuesday was useful and I like it.  What do you think?

Wednesday, January 16

Monday, January 14

ZFS for OSX, now Open Source

A reader wrote in to tell me about an article on Slashdot.  Apparently ZFS for OSX is now on the streets and is Open Source.  Merry late Xmas from Apple.


Saturday, January 12

Re: Open Letter to Apple

I got an email from a reader asking me if I got some feedback about my Open Letter to Apple I submitted.  Yes, I have received feedback from Apple on the two tickets I submitted.  However, Developer feedback is under NDA so I'm not supposed to post the responses.  However, let me say that they are working on the two issues I have noted.  Obviously, it's Apple, they can't provide any more info than that.


Friday, January 11

Skype, is it right for you? Let's take a look.

Recently, I have heard a lot about Skype, the ability to detect it, and the ability to stop it. Let me just say, I use Skype. I like it, I've done a lot of communication over it with both domestic and foreign people. I've done podcasts on it, etc., so it's a great part of the network here. However, this post will attempt to look at the pros and cons of the software and why a business should or should not allow it. The decision is up to the reader, I will not make it for you.

What is Skype?
Skype, if you don't know, is a P2P based VoIP, IM, and file transfer program. It allows:
-Voice calling to another Skype user
-Voice conference calling (up to 10 connections)
-Voice calling to traditional phone lines (this is called "SkypeOut")
-Voice calling from traditional phone lines (people can call you, this is called "SkypeIn")
-Group chat with up to 48 people
-Cross-platform file transfer
-Directory and presence management

There are some great research papers out there about how to detect Skype, the theory of how it works (I say theory because it's all analysis; Skype, AFAIK, has never told anyone), and such.

The biggest question is, does it pose a threat to my network?  Let's take a look at Skype. 

1.  Skype's code makes heavy use of anti-debugging techniques.  So what?  Skype doesn't want you to look at their code.  Fine.  But why?  I'm not really one for conspiracy theories, but let's come back to this one later.
2.  Skype makes significant use of obfuscated code.  Again, why?  We'll come back to this as well.
3.  Keeps chatting on the network, even when idle, and even when not a supernode.  Well, this makes sense. Skype has to know who is logged onto Skype to properly display your buddy list.  The client has to advertise its presence.   All IM clients do this.  Or are the authors of the presentation thinking something else...  The only big point in this is the ability to traverse NAT.  Either during a call or not during a call, this is a hole.  Skype uses keep-alives and whatnot to keep the hole to your machine open through the NAT device you have.  (Take a look at the second paper linked above.)
4.  Lack of privacy.  I've argued this point a couple times, and some people don't really care.  Skype uses AES-256 encryption to encrypt all their traffic.  Phone calls, IMs, presence awareness, and even file transfers.  Skype holds the keys.  Big deal, right?  Well, if you work for a company that needs to monitor your inbound and outbound calls, file transfers, and/or IMs, even having the right to do so doesn't let your company listen.  Skype is there.  You can't do a darn thing about it (or can you?)
5.  Supernodes use a lot of bandwidth (question mark).  I say "question mark" because it's debatable.  Let's discuss this. First off, a Supernode is a regular client on the Skype network that has a few things going for it: a) it has more than 256kb/s "up" stream bandwidth and b) it is not behind a NAT or firewall. A supernode participates in the greater Skype network in the sky by sharing the "contact list" and helping out with the routing of calls. It should be noted here that I have never found a piece of reliable research that says that "Supernodes carry calls." In fact, Skype's own forums say that Supernodes do not carry calls. However, there is one distinction to be made: Supernodes are different from relay nodes. Supernodes carry the global index (the list of people logged into Skype and where they are at). Relay nodes are...

Relay nodes -- Skype, because it has no central "server" to establish calls, relies on the Global Index carried by the supernodes and the ability for one host to directly contact the other. When one Skype user calls another Skype user, the easiest way for this to take place is to directly establish a communication from host to host, from caller to answerer. In the event this cannot take place, the Global Index tells the "answerer", "hey, try to initiate contact in the reverse direction", from answerer to caller. If that STILL doesn't work, then the Global Index has a small number of nodes called "Relay nodes". Relay nodes actually DO route calls between two parties. The Caller and the Answerer both contact the "Relay" node and the Relay node handles the call between the two parties. The important thing for you to remember is that the call, the IMs, the file transfers, etc. are encrypted between the two parties.

In order for Skype to work on your network you need to allow the following things:
1)  Outgoing TCP connections on ephemeral ports. (1024 and higher)
2)  Outgoing UDP packets should be allowed to ephemeral ports. If you are behind a NAT, the NAT device needs to hold your UDP state table for at least 30 seconds.
3)  Outgoing TCP packets should be allowed to 80 and 443. But here is the kicker, they are allowed to go through proxies.
4)  Finally the NAT translation should provide consistent translation.

Now, how many networks out there deny these things?  How about, almost none.

Why does Skype need UDP? Well, if you are reading my blog, you probably know a thing or two about networking, and I should not have to explain that UDP is connectionless (faster). You wouldn't want your voice conversation to be delayed, would you?
"Wait," you say. "By running Skype, I allow myself to become a Supernode or a Relay node?" Yes you do. Excerpt from the EULA: "You hereby grant permission for the Skype Software to utilise the processor and bandwidth of your computer for the limited purpose of facilitating the communication between Skype Software users." Of course, if you are behind a NAT, firewall, or proxy, the chances of you becoming a Supernode or a Relay node are nil. Even if you aren't, Skype has a bunch of both, and they probably don't need you.
Plus there is an explicit ability to shut "supernode" functionality off in the registry (on Windows, obviously).
6.  Does Skype have backdoors?  **CONSPIRACY THEORY**  Refer to #1 and #2 above.  Does it have backdoors?  Will we know?  Who knows?

File Transfers -- This is usually the biggest objection to IM, any type of IM: "the ability to transfer files from the network, either to each other, or off network". Even though this is stupid, and files can be transferred a zillion ways (SSH, FTP, etc.), organizations think that everyone transfers all the "sekret" files using IM, so therefore ban it. Whatever. Skype, AOLIM, Yahoo, MSN, ICQ, etc. all allow you to transfer files; the key with Skype is, it's encrypted.
So what?
Antivirus scans the file after Skype receives it, so what’s the big deal? I’m not saying it’s good or bad, as I said in the beginning, that’s an exercise for the reader, so I’ll leave it up to you.

So how can we detect it? Well, in true “me” fashion, I am going to use Snort as the example. Snort is made by Sourcefire, the company I work for. We make another product called “RNA” (Real-Time Network Awareness), that detects the Skype application as well (and a bunch of other applications on clients).  But let me stick with Snort.

In Snort we basically have two ways of detecting Skype. The first, and present way is via the rule language. As I said before, Skype is encrypted. So it’s tricky to be able to find these clients. However there are some strings in the initial logon of Skype that we are able to detect.
Because the rules fall under the VRT license, I will not repost them here, but I will talk about them a bit.

The first rule, (5998) is from HOME_NET to EXTERNAL_NET, so we are detecting the outbound initial logon connection, and we tie a flowbit to this initial logon. The second rule, (5999) is from EXTERNAL_NET to HOME_NET and tracks the successful logon of the Skype client, all the while calling the flowbit from the first rule. So, if both rules fire, we have a successful logon.  Can we use Snort inline and "drop" this traffic?   If we block the initial logon of Skype, Skype can't be used.  

Now, both of those rules are TCP. So what about UDP? Can we detect Skype via UDP? The answer is yes, but it's in beta code: we have a Skype preprocessor. This is a public beta, written by Jason Brvenik, and we would love some feedback on it. If you'd like to have it, look here. A couple of caveats about it: it works on 2.7.0.1, and has not been tested with the newest Skype clients.
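To make the flowbit pairing above concrete (set a bit on the outbound logon, alert on the inbound reply only when that bit is set, and in inline mode drop the outbound logon so the reply never comes), here is an added toy model in Python. It is not the VRT rules, which the post does not reproduce; the content patterns, SIDs, flowbit name and addresses are constructed placeholders.

```python
"""Added example: a toy model of a two-rule Snort-style flowbits pairing.
NOT the VRT rules; every pattern, SID, flowbit name and address below is a
constructed placeholder."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

HOME_NET_PREFIX = "10.0.0."  # assumption: the monitored internal network (constructed)

# Constructed placeholder byte patterns standing in for the logon strings.
LOGON_REQUEST = b"PLACEHOLDER-LOGON-REQUEST"
LOGON_OK = b"PLACEHOLDER-LOGON-OK"


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass
class Rule:
    """The subset of Snort rule options needed for the pairing."""
    sid: int
    msg: str
    outbound: bool                   # True: $HOME_NET -> $EXTERNAL_NET
    content: bytes                   # content:"..."
    set_bit: Optional[str] = None    # flowbits:set,<name>
    isset_bit: Optional[str] = None  # flowbits:isset,<name>
    noalert: bool = False            # flowbits:noalert
    drop: bool = False               # inline: drop instead of alert


def flow_key(p: Packet) -> Tuple[str, str]:
    """Direction-independent key so both sides of a flow share its flowbits."""
    return (min(p.src, p.dst), max(p.src, p.dst))


def is_outbound(p: Packet) -> bool:
    return p.src.startswith(HOME_NET_PREFIX) and not p.dst.startswith(HOME_NET_PREFIX)


class FlowbitEngine:
    def __init__(self, rules: List[Rule], inline: bool = False) -> None:
        self.rules = rules
        self.inline = inline
        self.bits: Dict[Tuple[str, str], Set[str]] = {}
        self.alerts: List[int] = []      # SIDs that alerted, in order
        self.dropped: List[Packet] = []

    def process(self, p: Packet) -> bool:
        """Evaluate one packet against all rules; True if it may be forwarded."""
        bits = self.bits.setdefault(flow_key(p), set())
        for r in self.rules:
            if r.outbound != is_outbound(p) or r.content not in p.payload:
                continue
            if r.isset_bit is not None and r.isset_bit not in bits:
                continue  # reply seen without the matching logon: stay quiet
            if r.set_bit is not None:
                bits.add(r.set_bit)
            if self.inline and r.drop:
                self.dropped.append(p)
                return False
            if not r.noalert:
                self.alerts.append(r.sid)
        return True


RULES = [
    # Outbound logon: set the bit quietly (flowbits:noalert); dropped when inline.
    Rule(sid=1000001, msg="EXAMPLE client logon attempt", outbound=True,
         content=LOGON_REQUEST, set_bit="example.logon", noalert=True, drop=True),
    # Inbound reply: alert only if the outbound logon was seen on this flow.
    Rule(sid=1000002, msg="EXAMPLE client logon successful", outbound=False,
         content=LOGON_OK, isset_bit="example.logon"),
]

CLIENT, SERVER = "10.0.0.5", "203.0.113.7"  # constructed addresses


def simulate(exchange: List[Packet], inline: bool = False) -> FlowbitEngine:
    """Feed packets in order.  When inline, a dropped packet ends the exchange:
    the peer never received it, so it never replies."""
    eng = FlowbitEngine(RULES, inline=inline)
    for p in exchange:
        if not eng.process(p):
            break
    return eng


# Constructed exchanges: a complete logon, and a reply with no prior request.
FULL_LOGON = [Packet(CLIENT, SERVER, b"hi " + LOGON_REQUEST),
              Packet(SERVER, CLIENT, LOGON_OK + b" ok")]
UNSOLICITED = [Packet(SERVER, CLIENT, LOGON_OK)]

if __name__ == "__main__":
    print("passive alerts:", simulate(FULL_LOGON).alerts)          # [1000002]
    print("unsolicited alerts:", simulate(UNSOLICITED).alerts)      # []
    print("inline drops:", len(simulate(FULL_LOGON, True).dropped))  # 1
```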

So, the final questions. Is Skype spyware?
In my opinion No.  It does not contain spyware and never has.
Is Skype useful?
In my opinion Yes.
Is Skype beneficial to my environment?
Is it? That's a determination that only you can make. Do your clients sit behind NAT, firewalls, and/or proxies? Then they won't be supernodes or relay nodes. They are just clients.
Do you have a requirement to monitor all IM, file transfers, and/or voice calls?
If so, Skype is hard. It’s encrypted.

Anything I missed or would like me to research/explain?


Snort, RNA, Real-Time Network Awareness, and Sourcefire are registered trademarks of Sourcefire, Inc.
Skype is a registered trademark of Ebay.

Tuesday, January 8

Open Letter to Apple

Dear Apple,

While I love the iPhone and think it's a great product, please, please do one thing for all of us who have it.
On the iPhone there is a Notes application.
On the Leopard version of Mail.app, there is a Notes section.  Please make them sync?

On the Leopard version of Mail.app and iCal (actually, system wide) there is a To-Do database.  Why in God's name do these To-Dos not sync with the iPhone?  You could also make them sync with the iPod Touch and give that platform even greater organizational functionality as well.

That is all.  Thank you.  I'll be filing this as a feature request on your developer site.

Thanks,

Joel Esler
