Wednesday, December 30

SSH keys, my how I hate you sometimes.

So, earlier today I was setting up some SSH keys to be able to connect back and forth between various machines in my network.  Seems like a normal thing for a guy with a bunch of Unix machines around the house to do right?  Well, apparently it was more painful than I thought.

I had:
PubkeyAuthentication yes

I had the permissions right on all the files, on both the client and the server, yes, I checked this, and that.

So, here I am racking my brain: "why isn't this working", darn it.. what am I overlooking?  So I IM'ed a friend of mine, Richard Harman, who is the master of a bunch of things, one of which is Linuxy, Unixy stuff.  At this point I'm at my wits' end trying to figure it out.

Richard connects up to my computer, and he has the same problem (can't connect via SSH key), so it's obviously a server problem.

We start daemons in debug mode, looking at RPM packages (this particular server was running Fedora 10), heck, I was even looking at bugs in SELINUX as the culprit.  Nothing.

We noticed one line in particular that was bothering us:  every time someone tried to connect, the server's sshd debug output showed it trying to access /root/.ssh/authorized_keys, no matter what the user.  Obviously, this isn't right.  I tested this out by moving my authorized_keys file to root's .ssh directory and it worked right away.

After poking around a bit, Richard found the problem:
AuthorizedKeysFile     ~/.ssh/authorized_keys

When sshd starts up, the "~/" in the sshd_config file was being expanded to the home directory, and since sshd starts as root, the ONLY place it was going to look was /root/.ssh/authorized_keys.

Richard changed this to:
AuthorizedKeysFile      .ssh/authorized_keys

It worked and life is fine now.  Two characters.  TWO.  (That I didn't put there, or at least don't remember putting there.)

Thanks Richard.
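
A check for the misconfiguration described in this post, as an added example rather than anything from the original post: it scans sshd_config text for AuthorizedKeysFile arguments that start with "~" and, going one step beyond the post, for absolute paths with no %h or %u token, which point every account at the same file. The sample config and the function names are constructed for illustration.

```python
import re
import shlex
from collections import namedtuple

Finding = namedtuple("Finding", "lineno scope path verdict reason")

# Constructed sample. Line 3 is the setting from the post; the Match blocks are
# made-up variations showing the other forms the directive can take.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
PubkeyAuthentication yes
AuthorizedKeysFile     ~/.ssh/authorized_keys
Match User backup
    authorizedkeysfile /etc/ssh/keys/authorized_keys
Match Group admins
    AuthorizedKeysFile=/etc/ssh/keys/%u .ssh/authorized_keys
"""

# Keyword, then either whitespace or a single '=', then the arguments.
DIRECTIVE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")


def classify_path(path):
    """Return (verdict, reason) for one AuthorizedKeysFile argument."""
    if path.lower() == "none":
        return "ok", "no key file configured"
    if path.startswith("~"):
        return "bad", "'~' resolved to root's home in the post, not the connecting user's"
    # %h (home directory) and %u (user name) are expanded per connecting user;
    # '%%' is a literal percent sign, so drop it before looking for tokens.
    if any(tok in path.replace("%%", "") for tok in ("%h", "%u")):
        return "ok", "per-user token present"
    if path.startswith("/"):
        return "bad", "absolute path with no %h or %u: every account shares one file"
    return "ok", "relative path, taken relative to each user's home directory"


def audit_sshd_config(text):
    """Classify every AuthorizedKeysFile argument, global or inside a Match block."""
    findings = []
    scope = "global"
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2)  # keywords are case-insensitive
        if keyword == "match":
            scope = "Match " + rest
        elif keyword == "authorizedkeysfile":
            # One directive may list several files; shlex also handles quoted paths.
            for path in shlex.split(rest, comments=True):
                verdict, reason = classify_path(path)
                findings.append(Finding(lineno, scope, path, verdict, reason))
    return findings


if __name__ == "__main__":
    for f in audit_sshd_config(SAMPLE_CONFIG):
        print("line %d [%s] %-32s %-3s %s" % f)
```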

Tuesday, December 29

Getting Urlview to work on Snow Leopard

I've been using Mutt lately.  (I'll post more later on how I overcame my objections to it.... and how to make it work with multiple Gmail accounts forwarded to each other -- which was my major headache actually).  Unfortunately, urlview crashes if you download the source (ftp://ftp.guug.de/pub/mutt/contrib/) and compile it natively on Snow Leopard.

Well, after a ton of searching, posting to the Mutt Mailing list and what not, Brenden Cully (The maintainer of the fink package for OSX) posted this patch to urlview.c.  The code will make urlview compile correctly and run on Snow Leopard (10.6).  I still haven't figured out the bugs with lbdb and ABQuery on Snow Leopard yet, but once I get that patched up, we'll be good to go.  Then I'll post why I've finally reverted back to using Mutt (instead of Gmail) for my desktop email.

@@ -506,10 +506,11 @@                                                                                                                    

          free (url[current]);                                                                                                           

          url[current] = strdup (buf);                                                                                                   

          endwin ();                                                                                                                     

+         quote (scratch, sizeof (scratch), url[current]);                                                                               

          if (strstr (command, "%s"))                                                                                                    

-           snprintf (buf, sizeof (buf), command, quote (scratch, sizeof (scratch), url[current                                          

]));                                                                                                                                     

+           snprintf (buf, sizeof (buf), command, scratch);                                                                              

          else                                                                                                                           

-           snprintf (buf, sizeof (buf), "%s %s", command, quote (scratch, sizeof (scratch), ur                                          

l[current]));                                                                                                                            

+           snprintf (buf, sizeof (buf), "%s %s", command, scratch);                                                                     

          printf ("Executing: %s...\n", buf);                                                                                            

          fflush (stdout);                                                                                                               

          system (buf);
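
Review bot: neither `snprintf (buf, sizeof (buf), ...)` call checks its return value before `system (buf)`, and the new `quote (scratch, sizeof (scratch), url[current]);` statement discards whatever quote() returns, so a URL too long for `scratch` or `buf` reaches the shell truncated, possibly in the middle of its quoting. Compare each snprintf result against sizeof (buf) and skip the system() call on truncation. In the `strstr (command, "%s")` branch, `command` is also used as the format string itself; strstr only shows that one `%s` is present, so any further conversion in a configured command would read arguments that were never passed. Substituting the first `%s` by hand instead of handing `command` to snprintf as the format would remove that.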

 

Monday, December 28

Review: Vtech DS6322 w/ Bluetooth

My wife bought me this for Xmas, and it's probably one of the best ideas ever.  The Vtech DS6322 w/ Bluetooth is a 3 or 4 phone kit with bases (with an answering machine) that has Bluetooth capability.  Buy.com has it here.  So, after I paired my wife's and my cell phones to the base, now, when we come home our cell phones connect to the base, and then calls that come in on our cell phones can be answered via the regular phone.

The regular phone has all the regular cordless phone buttons that you'd expect to see, plus one additional, a "Cell" button.  Whenever a phone call comes in on the cell phone, we just tap this button and we can answer it, all without having to run all over the house to try and find our cell phones.  It's convenient, as we have the base station (w/ Answering Machine) and our cell phones plugged into this piece of handiness from Pottery Barn (ours is black). The cell phones stay put in that area, along with the base station, and now we don't have to sprint all over the house looking for phones when one rings.

You can even import the phone books of the phones into the base station.  (Nice!)  You can set a static ringer, per phone line, so you know exactly which line someone is calling in on.

I recommend it.

Thursday, December 24

Bottom Posting

I was recently chastised for bottom posting on a mailing list, so I thought I'd write a few words about it.

I bottom (or inline post) mostly because I like the email to be a message. You read a message or a letter from top to bottom, from left to right. It wasn't until email clients started top posting (looking at you Outlook/Lotus Notes) that email was written in the top-posting format, forcing you to read an email backwards.

So I looked it up, basically looking at two different information stores.

Wikipedia -- http://en.wikipedia.org/wiki/Posting_style
RFC1855 -- http://www.ietf.org/rfc/rfc1855.txt

These two places will define how to write email and how email should be written, on mailing lists, newsgroups, or any other email transaction.

The particular part to pay attention to is in RFC1855 --

"- If you are sending a reply to a message or a posting be sure you
summarize the original at the top of the message, or include just
enough text of the original to give a context. This will make
sure readers understand when they start to read your response.
Since NetNews, especially, is proliferated by distributing the
postings from one host to another, it is possible to see a
response to a message before seeing the original. Giving context
helps everyone. But do not include the entire original!"

Summarize the email at the top, and post below it. In other words, bottom-posting is the correct way to write email, as per RFC.

Tuesday, December 22

Instapaper is so great

I am not sure if Instapaper has apps for anything other than the iPhone, and I kind of doubt, if that exclusivity exists, that it will last any amount of time.

Instapaper is one of those new 2.0 companies that is web/app based. They provide you a free log in to their website, which by the way, by default, had no password. Past this login you get a bookmarklet, similar to the "Readability" bookmarklet I talked about earlier, which, upon use, allows you to turn any article you are reading into a saved article of sorts.

For example, earlier today I was reading an entry on a blog, it was rather long, and I wasn't going to have time to finish reading it as I was about to head out to go to the dentist.

So, with this combination of app/website, I tapped my instapaper bookmarklet, which takes whatever you are reading, and puts it up in the "cloud". Which, provided you then have the Instapaper app on your iPhone, can sync this content down to your mobile device.

Now, whatever article I was reading, just by tapping one button, is now formatted in nice big text on my iPhone, and I can take with me.

I don't know the size limitation of the file you can put on Instapaper, I don't know, for instance, if you can put a whole book up there or something, but for now, while I am in the dentist's waiting room, I have articles to read instead of the weeks-old copies of "Newsweek".

Why don't I use something like Google reader? Well I can, except for those websites that shorten their rss feeds to force clickthroughs. It's another couple steps, who knows how it is going to be formatted, and who knows what kind of connectivity you are going to have.

Which, also by the way, is why I removed the "shortened rss" clickthrough thing for my blog. It annoyed me, so I figured it was probably annoying you.

Monday, December 21

Thank you Google Cache

I was able to pull the posts that I lost back from Google Cache. So, back to normal. Thanks.

Facebook User? Might want to check your settings.

Many of you that use Facebook may have clicked right through it.  But recently Facebook made a couple changes to their privacy settings that you may want to take a look at.  You can read about the settings that they have changed here.  Basically Facebook did two things, first, if you have never made any changes to your privacy settings in the first place, Facebook altered your default privacy settings so that everyone can now read your postings, your status, your friends.


I have a feeling that most of the readers of my blog may value their privacy and may have realized that these settings were taking place.  But you might want to double check that these settings are up to your standards.  Basically, there are two points that I’d recommend that you check.

Log into Facebook, click Settings in the top right, then click Profile Information.  Review each one of the items for the correct settings, the most important one being the “Search” section.

When I clicked on it today, I was presented by this pop-up:


So, weigh that statement against the “rather safe than sorry” thought process, and make of it what you will.  I still clicked on “Search”, then unchecked the “Index” button.

I moved the Snort Drinking Game

I moved the Snort Drinking Game from its old domain over here to this blog now:

http://blog.joelesler.net/the-snort-drinking-game

Moving to Wordpress

I just wanted to put out that moving to Wordpress, from Blogger, is probably one of the more painful experiences in my life so far.  But I found out a few things.

First things first, I found out that Wordpress, is actually, a really good platform for webpage creation.  Notice that I didn’t say blogging, it does that too, but it does a really good job for just basic webpage creation.  Probably the easiest “plug and play” system there is.

Problem is, I can easily see how there are so many security issues with Wordpress.  With plugins, themes, different pages, tools, etc..  This thing is php all the way through, which means, who knows what problems there are in the back of the system.  No more than any other blogging platform though I guess.

So, all my posts from Blogger have been moved over here now, and through the magic of mod_rewrite, things are working well.  I am going to be implementing mod_security as well, which is perfect because I recently received a new ModSecurity 2.5 book that I am reviewing.  So I’ll use the book as a chance to really evaluate the techniques to secure this website.

Currently I have two websites.  This blog, and another domain that I maintain, which I am going to be pointing over here as well.  Since I am basically consolidating all my content into one page.  I think this will make my life slightly easier, and really, that’s what moving to blogger was ultimately about.  Total customization in a nice neat package.

However, for now, there are still some 404’s that I am seeing.  Not sure why they are appearing, but I am going to have to fix those.

So for now, stay flexible, as I am still playing with the site.  I’ll get it squared away as soon as possible.

The Magic of Mod_Rewrite

After several large headaches dealing with Mod_Rewrite over the weekend, I finally have about 20 different ways to subscribe to the RSS feeds of this website all redirected over to Feedburner (and what do you know, I had about 400 subscribers that I didn't know anything about! Welcome!).
Here's a couple examples of things I had to do:


RewriteRule /feed$ http://feeds\.feedburner\.com/RandomThoughtsFromJoelsWorld [R=301,L]

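# RewriteRule patterns never see the query string, so ?alt=rss is matched with a RewriteCond
RewriteCond %{QUERY_STRING} (^|&)alt=rss(&|$)
RewriteRule /feeds/posts/default$ http://feeds\.feedburner\.com/RandomThoughtsFromJoelsWorld [R=301,L]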

RewriteRule /feeds/posts/default http://feeds\.feedburner\.com/RandomThoughtsFromJoelsWorld [R=301,L]

RewriteRule /finshake/Blog/rss\.xml http://feeds\.feedburner\.com/RandomThoughtsFromJoelsWorld [R=301,L]



Hopefully everyone didn't experience (*many*) problems.  Thanks.

Just a couple Snow pictures

Just a couple pictures of the big Snow storm we had over the weekend...  For those of you that live in Snowy sections of the country, this is probably not exciting.  However, for Delaware, this much Snow happens about every 10 years (1996 was the last time it happened.  We had 4 ft back then)

The official measurement for my area is 26 inches.  I had that in the below picture.  But I had some areas on the sides of the house that were over four feet.




Sunday, December 20

How to totally screw up a Wordpress blog...

Do whatever I just did.

I lost about 4 posts. Sorry about that. I'm so awesome.

If you happen to have those last few posts of mine, feel free to email them to me.

Monday, December 14

Things I wish about Email

Someone asked me:

"Joel,


I read your last post on Thunderbird and noticed you said [...] that you were "over client based email".  I use Thunderbird.  Why do you say that?  What don't you like about [...], client based applications?"  -- Yes I paraphrased.  But spelling is intact.

Mail.app
-- I would like the ability to shut off Spotlight indexing.  Meaning, I don't want Mail.app to download all of my Mail locally.  It's IMAP, that means keep it up in the cloud.  I don't want it here.  Also?  Very slow when dealing with Gmail.
-- I would like the "new" ability to "archive" an email with a keyboard shortcut.  In Thunderbird 3.0, I can mash the "a" key and the Email that is currently selected is archived.
-- Threading.  Threading is awful.  It works GREAT in Gmail, and is perhaps Gmail's best feature, bar none.
-- No way to bottom post.

Thunderbird
-- Same as Mail.app as far as the Spotlight indexing goes, except, I can shut it off in Thunderbird (awesome!).  But I don't want the client to download my email.  Period.  I want it kept in the cloud with no local copy.
-- Slow.  SLOW.
-- Threading, same as Mail.app, Threading sucks.  Again, Gmail has this down.
-- Too much CPU
-- Too much RAM.  (600 Megs?  Are you kidding me?)

Mutt
-- Slow
-- Can't open attachments (yes, I know what you Mutt guys are going to say, but still, I would like the ability to just click (or tap a shortcut key) and open an attachment.  Not having to do a bunch of crazy nonsense to tie apps together.)
-- Threading, I rather like the threading that Mutt has, and the customizability of Mutt beats everything else, bar none.

Outlook
-- Seriously, Outlook sucks.
-- Why am I including it here?
-- No way to bottom post
-- Inconsistent GUI
-- Slow
-- No way to bottom post.  Check out this fix (http://home.in.tum.de/~jain/software/outlook-quotefix/)
-- No addons
-- No archiving
-- PST size limits
-- Bad rule granularity.


I solicited feedback from Twitter, regarding the above, and these are the responses I got.

"Lack of keyboard for control wrt to moving from folder to folder.. GMail makes that very easy." -- @jasonish


"The difficulty in working with the OS address book - Thunderbird vs Windows 7 contacts comes to mind (complicates my iphone sync)"
-- @tomsellers


"haven't found one with a conversation view on par with gmail."
-- @jjarmoc


"1) Folders < Labels (ability to 'symlink' emails to multiple tags) 2) i use 3-4 devices to check mail 3)Gmail's thread handling"
-- @jamesjtucker

and in the interest of fairness.  I'll get on Gmail too.

Gmail
-- I want the ability to mark two conversations and make them thread together.  For instance, let's say there is a thread, then someone answers that thread, but the mail client for that person adds "UNCLASSIFIED" to the thread.  The Thread is then broken, visually, but it is still the same.  I want to be able to combine them.
-- Your IMAP implementation really sucks.  Bad.  Oh, and it's slow as hell too, almost artificially.  Seems like you really don't want people using any other email solution except for the web.
-- Drag and drop of attachments.  This should be possible in HTML5, or at least with Google Gears
-- Lack of Google Gears (and thusly, no offline gmail support) for Safari/Snow Leopard.  Can we get rid of Gears and be HTML5 compliant please?
-- Lack of Bottom Posting option.  No, addons through Greasemonkey do not count.  Want to really impress me?  Reformat an entire email (when I hit reply), to flip the thread around based upon indexing, (come on, you guys can figure that out), to read top to bottom.
Check this out Google.  Do THIS and all would be awesome -- http://home.in.tum.de/~jain/software/outlook-quotefix/
-- GPG/PGP support.  I don't use it, simply because it's a pain.  So I don't.  I probably would if I could.
-- The ability to filter on more headers.  Ideally, I'd love to be able to perform regex on headers.  Similar to procmail.
-- Label based signature blocks.  Or at least account based.





False Alarm -- No more Thunderbird

Probably belongs in a tweet, but since I blogged about it here, I'll write it here.

Stopped using Thunderbird.  After it consumed 20 Gigs of space downloading my email, constantly kept my CPU at 80-100% and the hardware fan busy, consuming 500 Megs of RAM...  I ditched it and went back to Gmail on the web.

It did have some very nice features, however, basically, I am just over client email programs.

That is all, you may return to your regularly scheduled programs.



Sunday, December 13

Thunderbird 3.0

I know you've read from me time and again that I am a big proponent of Google's Gmail interface.  However, ever since Mozilla put out Thunderbird 3.0, I've been trying it.  It combines the best of both worlds, offline (even though Gmail just released that non-lab), client access, OSX integration.  But perhaps the best thing is that they have an archiving system now.

You read a message and you mash "a" and the message is placed into an archive by year-month timestamp, and is no longer in your inbox.  The simplest way, client side, to maintain Inbox-Zero.

Take a look at all the new features here.


Friday, December 11

New Blog for your enjoyment

Friend of mine, Mike Mishou, started a new blog over at http://mishou.org.  So far he has some great posts, and I envision him to continue having great posts.  Head on over to Mike's website and check it out.


Tuesday, December 8

Google Chrome for the Mac has reached Beta

Happy to see this, because I know several friends of mine have been working on this in the background at Google, and what a good job they have been doing as well.  I have visions of these guys in dimly lit rooms sitting around keyboards, their faces awash in the white glow of XCode, furiously figuring out the bugs and features to put into the Mac version of Chrome.  Okay, enough of that visual.  (you know, keyboards surrounded by cans upon cans of Mountain Dew...)

This morning Google released the Beta version (this is as opposed to the Alpha version that I talked about here) of Google Chrome for the Mac.  (and Linux as well..)  The biggest thing that I noticed that it supported was that it imported all my bookmarks from Safari for me.  Switching to Google Chrome was like,  basically a kid waiting to be put in the big game in school.  Standing on the side lines, sometimes used, sometimes not.  Safari being my primary resource for anything web-related.  Now, with full pads on, helmet in hand, my Quarterback for surfing the information superhighway is now Google Chrome.   I've handed the playbook of imported bookmarks over to Google Chrome, and my new browser has taken the field.

It's quick, it's stable, and each tab launches in its own process, or thread.  This is priceless, as a crash in one tab does not mean the whole browser will die.  Just that tab.  Well, that's the theory anyway.

Give it a shot.

http://www.google.com/chrome?platform=mac&hl=en


Wednesday, November 25

Readability

I don't remember exactly where I got this from, but I've been using it a lot lately to look at websites.  Since apparently, ad space and other random flash or movement based ads on webpages is now the norm -- making the content on a webpage impossible to read without distraction, someone made this.  It's called the Readability Experiment.  You go to this website, you configure the setup how you want, and then you drag the bookmarklet to your bookmark bar.

Next time you are on a webpage that looks something like this:



Let's see, we have a header (with an ad in it!), two ads below the header, an ad on the right, and a footer bar.  (I just randomly picked Cnet, because I know their stuff is laced with ads).  I mash my set-up bookmarklet.. and voilà, I get this:




The actual content.






Great Desktop Wallpaper for those of you that hate clutter.

This is an absolutely phenomenal desktop wallpaper for those of you that hate clutter.  So, if you are one of those kinds of people (re: me) that can't stand icons on your desktop and the like..  this one is for you.  Posting the link over to Merlin Mann's blog, where the awesomeness takes place.

http://www.kungfugrippe.com/post/229188592/simple-desktop-download

It simply states "Quit fiddling with your desktop, Nerd" on a black background.  Reminding you to get back to work.



Tuesday, November 24

Applying "Getting Things Done" to IPSs

Getting Things Done, or "GTD" for short, as I've blogged about before, several times, is a method of personal organization with a focus on accomplishing tasks.  It's great for applying to email (Inbox Zero) and it's great for organization of your personal life (read some of the articles I've written before, particularly this one).

Some IDS and IPS courses and teachers will tell you to turn on everything, and log everything because that's the only way you'll find anything.  I don't disagree with that, but there are several problems with this philosophy: design, bandwidth, dropping packets, time, money, and performance, just to name a few.  Plus, who wants to sit there and look for everything?  Most IDS analysts I know are just trying to keep their heads above water.  They want to just figure out a better way to deal with the information that is coming in, not increase the amount of information coming in.  Some people have this same problem with email, which is why I am such an advocate of Inbox Zero and GTD to learn to deal with the increased amount of information that we are being subjected to.

What if we took this same philosophy to IDS/IPS?  While this can primarily work with a Snort based device, such as Sourcefire, it can work with about anything.

Step One:  Turn everything off.
Yup.  Just as a test, create a new IPS policy and turn everything off, if you can.  (If you can't then just move on to Step 2.)  Now the focus of this exercise is only to turn on what is relevant to you, so that's what we are going to do: reset expectations.

Step Two:  Use RNA
(If you don't have RNA, obviously you can skip this step, but go ahead and read it so that you know what you are missing.)  Go to your new policy, use your RNA Recommended Rules Configuration to essentially tie the IPS policy to a certain sensor or series of sensors.  RNA Recommended Rules will take the vulnerabilities that RNA has detected in Realtime (or that it received via the Host API or Qualys or Nessus or Nmap...) and use the information to give you suggestions about what to turn on in your network.  Use the R3 (RNA Recommended Rules) to provide you those recommendations and then go over them with the common sense test.  As you know, RNA tells you what you could be vulnerable to.  Your system is "Guilty until Proven Innocent"; hopefully you can take the time and tell your system what your network is not vulnerable to, but let's leave that for another day right now.  Turn on the rules that are relevant to you and your network.  Don't turn on ICMP Port Unreachable.  You'll see why in Step Five.

Step Three:  Turn on any rules that are relavant.
Want to look for Spyware?  Turn on the spyware rules.  Want to look for Chat clients?  Turn on the chat rules, etc.

Step Four:  Push the policy, and wait.
Give the new policy 24 hours if you are on a slow network, or maybe just let it run over your lunch period.  Let the policy run on your network for an acceptable amount of time, you be the judge with your common sense hat.

Step Five:  Look at your alerts.
Now, go back and look at your alerts.  Time to start cleaning out.  For each event I want you to follow a flow: decide whether it is an actionable alert.  Are you going to physically do something with this event?  Are you going to report it to the Desktop security people?  Are you going to block the port at the firewall?  Update the Antivirus?  What are you going to do with the event?

If you think about the next "actionable" thing you are going to do with the alert, and you decide that you are going to do nothing with the event, then shut the rule off.  No point in running a rule if you aren't going to react to its logging.  Do you allow AOL Instant Messenger on your network, and your AIM rules are alerting?  What are you going to do about it?  You allow it, right?  So you are going to do nothing?  Okay, then shut the rule off.

What if you don't want to shut off the rule, but only want to shut it off going to a particular machine?  Well, then suppress it based on IP.  What if you don't want to shut off a rule, but it's alerting too much?  Then threshold it.  My point is, do something.

Do that for all the events in the period that you set in Step Four.  Do this once a day, and at the end of each pass, repush your policy, then do it again the next "period".  Do this for several days.  This step, in case you haven't noticed, will need to be done every day.  With every update there will be new things for you to explore and catch.  Begin at the beginning.

Step Six:  What are you going to DO now?
Now, you have a bunch of alerts you intend to do something with.  Now, do you create trouble tickets?  Do you start working with various teams?  You get the point.

Step Seven: Now that your head is above water, you can experiment
After you have done the first six steps satisfactorily to a point where you can handle your IDS and IPS, you can deal with anything that comes in.  You have a process, now you have best practices.  Now, you can turn on rules that you are interested in.  Things that you don't (or might) have to deal with.  Things that you may have had on before but never got a chance to look at.  Rules that alert on obfuscated javascript for instance.  You can go play.

Warning:  Just a word before you start this process. Warn your coworkers and boss that you are about to become much more efficient and start filing more tickets.  Because you will.

Oh, and make backups of your policies before you make changes.  In fact, create new policies based off of your old ones and work off the new ones.
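
The Step Five review loop, sketched as an added example (not part of the original post or of any Sourcefire tooling): it tallies a period's alerts per rule, applies the analyst's decision for each one, emits the matching Snort suppress and event_filter lines, and lists every rule that still has no decision.  The alert lines, SIDs, IPs and decisions are constructed, and Snort's "fast" alert format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Constructed alerts in Snort "fast" format; SIDs, messages and IPs are made up.
SAMPLE_ALERTS = """\
11/16-09:00:01.000000  [**] [1:1000010:1] CHAT AIM login [**] [Priority: 3] {TCP} 10.0.0.21:50112 -> 198.51.100.7:5190
11/16-09:00:09.000000  [**] [1:1000010:1] CHAT AIM login [**] [Priority: 3] {TCP} 10.0.0.22:50340 -> 198.51.100.7:5190
11/16-09:02:13.000000  [**] [1:1000011:2] WEB-MISC scanner probe [**] [Priority: 2] {TCP} 10.0.0.99:40000 -> 10.0.0.30:80
11/16-09:02:14.000000  [**] [1:1000011:2] WEB-MISC scanner probe [**] [Priority: 2] {TCP} 10.0.0.99:40001 -> 10.0.0.30:80
11/16-09:02:15.000000  [**] [1:1000011:2] WEB-MISC scanner probe [**] [Priority: 2] {TCP} 10.0.0.99:40002 -> 10.0.0.31:80
11/16-09:05:00.000000  [**] [1:1000012:1] SPYWARE beacon [**] [Priority: 1] {TCP} 10.0.0.40:51000 -> 203.0.113.5:80
11/16-09:05:30.000000  [**] [1:1000012:1] SPYWARE beacon [**] [Priority: 1] {TCP} 10.0.0.40:51001 -> 203.0.113.5:80
11/16-09:06:00.000000  [**] [1:1000013:1] POLICY cleartext FTP login [**] [Priority: 2] {TCP} 10.0.0.50:52000 -> 192.0.2.10:21
"""

# The analyst's answer to "what am I going to DO with this?" per (gid, sid).
# Hypothetical decisions for the constructed alerts above.
DECISIONS = {
    (1, 1000010): {"action": "disable", "why": "AIM is allowed; nobody will act on it"},
    (1, 1000011): {"action": "suppress", "track": "by_dst", "ip": "10.0.0.30"},
    (1, 1000012): {"action": "threshold", "track": "by_src", "count": 1, "seconds": 3600},
}

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)


def parse_alerts(text):
    """Return one dict per alert line; lines that do not parse are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            a = m.groupdict()
            a["gid"], a["sid"] = int(a["gid"]), int(a["sid"])
            alerts.append(a)
    return alerts


def summarize(alerts):
    """Group alerts by (gid, sid) with totals and per-source/destination counts."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(
            (a["gid"], a["sid"]),
            {"msg": a["msg"], "count": 0, "src": Counter(), "dst": Counter()},
        )
        entry["count"] += 1
        entry["src"][a["src"]] += 1
        entry["dst"][a["dst"]] += 1
    return summary


def tuning_lines(summary, decisions):
    """Turn decisions into Snort tuning lines; return (lines, undecided rules)."""
    lines, undecided = [], []
    ordered = sorted(summary.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    for (gid, sid), info in ordered:
        d = decisions.get((gid, sid))
        msg, count = info["msg"], info["count"]
        if d is None:
            undecided.append((gid, sid, count, msg))  # "My point is, do something."
        elif d["action"] == "disable":
            lines.append(f'# turn off {gid}:{sid} "{msg}" ({count} alerts): {d["why"]}')
        elif d["action"] == "suppress":
            net = ipaddress.ip_network(d["ip"], strict=False)  # rejects typos early
            ip = str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)
            side = info["dst"] if d["track"] == "by_dst" else info["src"]
            hidden = sum(c for addr, c in side.items() if ipaddress.ip_address(addr) in net)
            lines.append(f"# {gid}:{sid}: {hidden} of {count} alerts match {d['track']} {ip}")
            lines.append(f"suppress gen_id {gid}, sig_id {sid}, track {d['track']}, ip {ip}")
        elif d["action"] == "threshold":
            # Snort 2.8.5 and later call this event_filter; older releases use
            # the standalone "threshold" keyword with the same arguments.
            lines.append(
                f"event_filter gen_id {gid}, sig_id {sid}, type limit, "
                f"track {d['track']}, count {d['count']}, seconds {d['seconds']}"
            )
    return lines, undecided


def review(text, decisions):
    return tuning_lines(summarize(parse_alerts(text)), decisions)


if __name__ == "__main__":
    lines, undecided = review(SAMPLE_ALERTS, DECISIONS)
    print("\n".join(lines))
    for gid, sid, count, msg in undecided:
        print(f"UNDECIDED {gid}:{sid} x{count} {msg}")
```

Anything printed as UNDECIDED is a rule that fired during the period and has neither an action nor a tuning decision attached to it yet.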



Please leave comments below.



Thursday, November 19

Fedora 12 allows installation of software without root privs

I posted this on the ISC this morning as well, but I just wanted to post it here as well.

A "bug" created back in November against the latest Fedora release (12) indicates that, through the GUI, desktop users of the Fedora system are able to install signed packages without root privileges or root authentication.  Yes, you just read that correctly.  (I'll give you a second to re-read that sentence so I don't have to retype it.)  Yes, "it's a feature, not a bug".
In all my travels I've only run across one company, ever, that has Fedora rolled out as an enterprise operating system on every desktop.  But what kind of security implications does this have?  I obviously don't have to explain why this is (may be) a bad idea to the readers of the ISC, as we are all security minded people.
Now, the restrictions.  This change does not affect yum on the command line.  This only affects installing things through the GUI.  (Not that that helps any, as most users will be running the GUI anyway.)  You can also disable it.
Create a file in:
/var/lib/polkit-1/localauthority/20-org.d  (you can name the file anything you want)
and include the following:

[NoUsersInstallAnythingWithoutPassword]
Identity=unix-user:someone;unix-user:someone_else
Action=org.freedesktop.packagekit.*
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_admin

(The above came from the release notes for Fedora 12, found here.)
Also, I found this as a solution:
pklalockdown --lockdown org.freedesktop.packagekit.package-install
Currently in the bug, there is some debate about whether they should revert this feature.  So, this may be just temporary.


Please leave comments below.

Monday, November 16

IPS's don't just send RST packets.

Commenting on an email I read earlier today: some people apparently still have the misconception that an IPS simply sends an RST packet, and that, shortly afterward, the session taking place between the two parties should die.

Nope.

A real IPS, in my opinion, has full control of the traffic.  Cable one, exits firewall, enters port 1 on IPS, cable 2, exits port 2 on IPS and goes to switch.

While the traffic is passing through the IPS, the engine (in Sourcefire's case -- Snort) decides whether the traffic that entered port 1 should be allowed to go out port 2, and vice versa.

Can Sourcefire's devices send RST packets?  Sure!  But why would you want to give away where your IPS was on the network?  Why not just silently drop the connection into the big bit bucket in the sky and go on about your day?

Oh.  And do this at >10 Gig a second?  Yeah it's awesome.


Please leave comments below.

Tuesday, November 10

Looking for a Label Printer?

Recently I needed a label printer for a project I was involved with, and after looking around a bit decided on buying the Brother QL-570 Label Printer.  Having not used it before, but having used successful Brother products in the past, I decided that this one was it.

This is a great printer.  It prints fast, it cuts automatically at the end of the print.  The label paper is readily available at any office supply store, and the software is dead easy to use.

I plugged it into my Mac, (running Snow Leopard) and it was immediately recognized, and the drivers were automatically updated and installed.  However, I had no software to design the labels with.  The printer comes with the software on a CD, but I usually just go to the manufacturer's website and download the software from there, because, well, often times, the software on the CD is old.

The computer installed the software (I think it had to reboot), and I was designing labels and printing in no time.  The only "tricky" part, (I guess it was tricky) was selecting what type of paper was in the machine (on the computer) so that the label printed correctly...  which, you set right when you open the program.  So, barring that, 2 second option aside, the printer was dead easy to use.  It actually fit right in my backpack, (not that I would take it with me), but I did have to on this occasion, and it was small enough to throw right in my bag.


Please leave comments below.

Friday, November 6

Shootings at Fort Hood

For those of you that have not heard, yesterday, apparently, a psychiatrist decided to take it upon himself to start offing soldiers, and wound up with 12 dead.

I would like to send my condolences out to the families of the victims of this senselessness.  We have enough people trying to kill our soldiers abroad, why must we have our own do the same here at home?

I don't know how the guy managed to get 12 people, of course, I wasn't there, and I am just armchair quarterbacking, but 12?  I mean, after the first one or two, that guy should have been tackled to the ground and caught a beat down from some fellow soldiers.

I don't know the situation, or how it took place, if that was even possible, but I also give kudos to the officer that ended the madman's spree by not only taking a bullet herself, but putting four bullets in the shooter.  Good job.


Please leave comments below.

Dojocon

Drove down to Dojocon at Capitol College in Maryland today.  Did the old, "Man the Sourcefire Booth" bit.  Except this time, it was for VRT, instead of at a big Orange Sourcefire booth full of literature about product, the questions this time were about Snort and VRT rules.  Quite a bit different from normal, great though.

Dojocon did quite well (It's still going on), 150-200 people there, I would guess, (I'm not good at people estimation), lots of good presentations and lots of good questions at the end of the talks. Food and drinks and snacks were provided (which is a nice change from other conferences I've been to).

I recommend going if you can next time they have it, great resources of information there, Marcus does a great job.


Please leave comments below.

Wednesday, November 4

Hey Jude

Don't know where this originally came from, I saw it on KungFu Grippe.





Please leave comments below.

Tuesday, November 3

Lots going on, thus lack of posts

So...  lately I haven't been posting a lot, been doing a lot of things for work, plus I just got back from a vacation to Disney World, I got my Mustang back, and am traveling for work.

Just for those of you that read the blog and will be there, I'll be at DojoCon on Friday, November 6th with the VRT.  Stop by and say hello if you'll be there.


Please leave comments below.

Tuesday, October 27

More Mustang stories

Last time I updated you on the Mustang, I said that the starter was the fault for it not wanting to.. well..  start.  I figured while the car was up at the shop I would have a new header and exhaust put on it as well.  I caught a lot of heat for that, saying "that's not what having a classic car is all about!"  True.  You have a point.  However, I am glad I didn't do the work myself, as I was going to head up and pick up the car tonight after work, but I called and made sure it was getting done and they told me some news...

Getting the header off was a bit harder than expected.  Seems like some of the bolts were missing, and the rest broke while trying to get them out.  Seems that this is the first time in 41 years that the headers have come off the engine since it was assembled in January of 1968.  Gaskets were dry rotted and shot, bolts were rusted, missing, and impossible to get out.

But alas, they did get them all out, they have the new header on, new mufflers hanging and they were fabricating the dual exhaust (see, they don't make a "dual exhaust setup" for my engine/car) when I called up there earlier today.  I wanted to get the car in a nice running condition to where I can drive it and have fun doing so while I am building out the new engine/trans/rear/suspension..  etc.

So hopefully things will be done soon.


Please leave comments below.

Monday, October 26

Apple Tablet (To be called Slate?)

For those of you that have been living under a rock for the past year, you probably have not heard the rumor that Apple is supposedly making a "Tablet" Computing device.

The first really, kind of, official note about that came out today by way of a speech given by the New York Times.


Bill Keller speaks to the digital group at The New York Times from Nieman Journalism Lab on Vimeo.

It happens at 8:30 in the speech.





Please leave comments below.

Google Chrome for the Mac released

Kinda.

Google released a "developer preview" of Google Chrome for the Mac finally.  Actually, you've been able to get a hold of it for awhile, but the copy that you could get, from Google, was essentially the developer developer preview.  It worked, but only in some areas.  I was using that for a long while, and I was quite happy with it.  But Friday of last week, Google finally put out a version of the browser that is a bit more..  "working".

You can grab it here.  I've been using it exclusively as my default browser since Friday, and it's been operating great so far.  The features that I appreciate the most about the browser, for some reason, are the "tabs on top" (considering Chrome is essentially a hopped up version of Webkit (Apple's open sourced 'Safari' browser that they use for development)), and the fact that each tab runs in its own process.  Which means if one tab crashes, the whole browser doesn't crash.  Which I appreciate a lot.

It's super fast when conducting Javascript type applications.  Google Docs, Gmail, Gcal, etc.  I can definitely appreciate the speed when it comes to my Gmail since I have over 7 Gigs of email, the ability to search through that and have it render quickly is a major plus.

Safari was my default browser before this, and while it's also very fast, when comparing the two browsers against Firefox, Firefox, unfortunately doesn't hold a candle, as far as speed goes, on the Mac.  So if speed is your thing, try out Chrome/Safari.


Please leave comments below.

Wednesday, October 21

Some New Apple stuff

Like every other retailer getting ready for the Holiday season this year, Apple, on the back of the biggest Quarter in Apple history, which saw their stock jump almost 10 dollars in one day, announced a few new products into the pipeline yesterday.  Let me just share a couple thoughts on these and then we'll move on to more interesting things.

1.  New iMac's with 21.5" and 27" displays.  While I don't have an iMac, my parents do, and I think it's a great platform.  All that in a 27" form factor is nice.
2.  Magic Mouse, the "world's first multitouch mouse".  Apple did away with the trackball, made the mouse a bit more rectangular (rather than the oval shape of the mighty mouse), got rid of the side buttons, and put multitouch gestures on the mouse.  Two finger swipe, scrolling in 360 degrees with just a finger.  Similar to the trackpad on the laptops.  Pretty cool I guess.
3.  Updated White Macbook.  Made it LED display, locked the battery in, made it "rounder".  (Even though that's not a word).  Now it looks like a true UFO.
4.  Updated Mac Mini, even a version with two 500GB Harddrives and Snow Leopard Server. (This is interesting here!)

Overall, underwhelming, I mean, from the 10,000 foot view, a couple of updates and a new mouse.  Of course I don't know what we expect Apple to come out with now-a-days.  Maybe we expect more from a company that invented the iPod and the iPhone.  I think the Mouse is cool, but the big one for me was the Mac Mini update.

Putting Snow Leopard server on it, as kind of a "home" server type of appliance, that's an interesting play, and I'd like to see what they are going to do with that technology being in the home.  


Please leave comments below.

Wednesday, October 14

Fix for the Mustang

For anyone who was wondering, the Mustang was fixed by putting a new starter and cables on it.  The starter bench-tested good, (meaning it spun when power was applied) but wasn't strong enough to turn the flywheel.  When you put it on the bench next to a brand new starter, the new starter turned about twice as fast.

While the car was up at that shop, I had them put a new header on it, dual exhaust with dual flowmaster mufflers.  I would have done it myself, except that I don't have a mandrel bender, and they don't make an exhaust kit for my car.  I don't have experience in welding, so I wanted it done right.


Please leave comments below.

Tuesday, October 13

McAfee Avert Labs Blog: W32/Xpaj Botnet Growing Rapidly


Read the below on Google Reader, figured it was easy enough to write some SNORT(r) rules for:

# Check-in request to the control server: GET /up.php?a=g2&cm=...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"VIRUS W32/Xpaj Botnet Infection"; flow:to_server,established; uricontent:"up.php"; content:"a=g2"; rev:1; sid:1000000;)
# Payload download: /stamm/stamm.dat, matched as one string in the normalized URI
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"VIRUS W32/Xpaj Botnet Infection"; flow:to_server,established; uricontent:"stamm/stamm.dat"; rev:1; sid:1000001;)
# Payload download: /plugin/plugin.dat, matched as one string in the normalized URI
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"VIRUS W32/Xpaj Botnet Infection"; flow:to_server,established; uricontent:"plugin/plugin.dat"; rev:1; sid:1000002;)


Two weeks ago I blogged about a new virus–W32/Xpaj–found in the wild by McAfee researchers and actively spreading around the world. Since then we have closely monitored the change in spread and severity of the virus, improved generic detection for future W32/Xpaj instances, and added cleaning and proper repair for all the files infected by the virus. Today I want to share more news related to this threat.
Further analysis has revealed some interesting details about the malicious behavior of W32/Xpaj. The Virus is building a widespread “zombie” network, by taking control of thousands of Internet-connected computers. The new botnet is in its infancy, although thousands of machines have been infected during the last two weeks. The botnet infects computers around the world and has spread across many countries. The attacks are mostly aimed at enterprises, but they have now spread to consumer machines as well. Based on multiple characteristics and our own research, the virus is most probably the work of eastern European cybercriminals.
Most bots are connected to a central location from where one machine can control the entire botnet. W32/Xpaj, on the other hand, deploys several control channels to communicate and control its bots. It employs the same techniques used by Srizbi and Conficker; that is, it uses randomly generated DNS names for backup control servers. Even though W32/Xpaj does not know where the control server is, it knows how to search for it, making it possible to predict which host is in use on a given day.
To prevent botnet hijacking, W32/Xpaj accepts only digitally signed payloads and commands. Malware authors use a cryptographic hash (MD5 algorithm) to validate the authenticity of any payload received from the control server.

Our analysis has not revealed any cryptology system to protect the payload, thus there is a chance for a rival to take control of the entire botnet.
The W32/Xpaj variants we analyzed use a sophisticated domain-generation algorithm to create and query the list of random domains starting on September 24. The virus first tries to resolve the domain name to an IP address. If that succeeds, it sends an HTTP request in the form of a string:
/GET /up.php?a=g2&cm=15A91F71
The malicious host responds with the path to a binary containing further instructions and code to be executed:
http://[infected]/stamm/stamm.dat
http://[infected]/plugin/plugin.dat
The first binary containing malicious instruction has already been received by all W32/Xpaj-infected machines. The virus stores the downloaded encrypted binary in the Windows folder. After decryption, the malicious code executes and instructs the virus to gather information about the infected machine and report to the server, sending the victim’s IP address, machine name, host process, registry records, current home page, and even fonts and path variables.

Every time an infected machine receives a payload and executes malicious code, a marker (a file with a random name) is created in the Windows folder, preventing the virus from executing the same payload twice.

Botnets grow and evolve quickly. We measure them by the number of compromised computers under their control. However, proactive virus detection and following these simple recommendations will help prevent your computer from becoming a part of a botnet:


  • Keep your anti-virus software up to date
  • Apply all the latest security patches and keep your operating system up to date
  • Set up a firewall to block unauthorized access while you are connected to the Internet. Use strict firewall policies and allow only those connections–both incoming and outgoing–that are absolutely necessary for your business.
Although many security vendors struggled to release new signatures and cleaning support for this virus, McAfee customers are already protected. You will hear a lot more from us in the coming months, so stay tuned and keep reading our blogs.
Thanks to Abhishek Karnik, Rachit Mathur, Di Tian, Ivan Teblin, and Adrian Dunbar for their help in analyzing and defeating this threat.
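
A retro-hunt over web proxy logs for the request patterns quoted above, as an added example that is not part of the original post or of McAfee's write-up: it flags clients that made the check-in request and ranks higher those that then fetched a payload path from the same host.  The Squid native log layout, the hostnames and the log lines are constructed assumptions; only the URL paths and the a=g2 parameter come from the quoted analysis.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed Squid-style access log (time elapsed client code size method URL ...).
SAMPLE_PROXY_LOG = """\
1255430000.123    210 10.0.0.40 TCP_MISS/200 512 GET http://qwkzpd.example/up.php?a=g2&cm=15A91F71 - DIRECT/203.0.113.5 text/html
1255430002.456    850 10.0.0.40 TCP_MISS/200 40960 GET http://qwkzpd.example/stamm/stamm.dat - DIRECT/203.0.113.5 application/octet-stream
1255430100.000    120 10.0.0.41 TCP_MISS/404 300 GET http://rtyvbn.example/up.php?a=g2&cm=0BADF00D - DIRECT/203.0.113.9 text/html
1255430200.000     90 10.0.0.50 TCP_MISS/200 2048 GET http://intranet.example/signup.php?a=g2x - DIRECT/192.0.2.10 text/html
1255430300.000     95 10.0.0.51 TCP_MISS/200 1024 GET http://cdn.example/plugin/plugin.data.js - DIRECT/192.0.2.20 application/javascript
"""

PAYLOAD_PATHS = ("/stamm/stamm.dat", "/plugin/plugin.dat")


def classify(url):
    """Return 'checkin', 'payload' or None for one requested URL.

    The URL is parsed instead of substring-matched, so /signup.php?a=g2x and
    /plugin/plugin.data.js are not hits. Lower-casing the path is an assumption.
    """
    parts = urlsplit(url)
    path = parts.path.lower()
    if path.endswith("/up.php") and "g2" in parse_qs(parts.query).get("a", []):
        return "checkin"
    if path.endswith(PAYLOAD_PATHS):
        return "payload"
    return None


def hunt(log_text):
    """Map each suspicious client IP to a verdict and the hosts it contacted."""
    hits = defaultdict(lambda: defaultdict(set))  # client -> kind -> {hostname}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "GET":
            continue
        client, url = fields[2], fields[6]
        kind = classify(url)
        if kind:
            hits[client][kind].add(urlsplit(url).hostname)

    report = {}
    for client, kinds in hits.items():
        checkin, payload = kinds["checkin"], kinds["payload"]
        if checkin & payload:
            verdict = "checkin+payload"  # same host answered both: strongest signal
        elif checkin:
            verdict = "checkin"
        else:
            verdict = "payload-path"
        report[client] = {"verdict": verdict, "hosts": sorted(checkin | payload)}
    return report


if __name__ == "__main__":
    for client, info in sorted(hunt(SAMPLE_PROXY_LOG).items()):
        print(client, info["verdict"], ", ".join(info["hosts"]))
```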






Please leave comments below.

Tungle Makes Cross-Calendar Scheduling Simple

This is a great idea.




via Lifehacker by Jason Fitzpatrick on 9/30/09


If you're looking for a web-based application for scheduling meetings, you'll find no shortage. Want that application to sync to common calendar applications like Google Calendar, Outlook, and iCal? Prior to Tungle you were out of luck.
Tungle combines the best features of a variety of calendar syncing and meeting scheduling tools and rolls them all into one. With Tungle you can quickly jump from your existing calendar application to sending invites to your team members, checking their calendars even if you all use different applications, and optimizing everyone's schedule for the best meeting times. Check out the demonstration video below to see Tungle in action:



Tungle is a free service and is accessible by the Tungle site, an iPhone app, a Firefox plugin for Google Calendar, and a variety of apps for various social calendars.

Monday, October 12

Well, it's broken down for now (the Mustang that is)



This past weekend I went up to the Hershey AACA car show in Hershey, PA.  In my Mustang...

......and got to Lancaster, PA. Car died at a Gas station and wouldn't restart.

Tried to jump it, one click, nothing.

Had it towed to Pep Boys (hey, it's Lancaster) and wound up troubleshooting most of the car myself. They eventually just gave me their multimeter and equipment and I started diagnosing.  After they tested the battery, there were three guys standing there looking at the engine with their hands on their hips and I said: "So what's the deal guys?"

Their response: "I have no idea".  So I basically wound up trying to fix it myself, at Pep Boys.

Replaced the Starting Solenoid and cable to starter, that wasn't it.

Basically when you turn the key, the (starter?) clicks one time and the car doesn't start. All you get is an audible "click" and that's it. (Yes, the battery is good)

We pulled and bench tested the starter, and the guys there said it bench tested fine. So, not sure what to make of it at this point.

I don't think the engine's frozen, because I can do things like, put the car in reverse and walk up to the front of the car and turn the fan blade and the car will move backwards. (meaning I can turn the camshaft, meaning the pistons are moving, meaning not frozen?)

So, Saturday morning I had it towed up to a custom Mustang shop in Harrisburg. They were taking a look at it.

Nothing worse than parking your RENTAL car at a car show, walking across the street to the car show, and YOUR car goes by on the flatbed and everyone stops in the middle of the crosswalk to take a picture.

So, enjoy a picture of my car on the flatbed. (being hauled away from Pep Boys :)

Please leave comments below.

Scary

This is from xkcd.com of course, but how true is this?



via xkcd.com on 10/8/09

I'm teaching every 8-year-old relative to say this, and every 14-year-old to do the same thing with Toy Story.  Also, Pokemon hit the US over a decade ago and kids born after Aladdin came out will turn 18 next year.


