April 28, 2004
Mike Skallas' Ad blocking hosts file

A hosts file tells your computer what numerical address (209.61.186.253) is associated with what URL (www.everythingisnt.com). This file is a very simple hack which takes ad server URLs and redirects them to non-existent numerical addresses.

Spending More on Medicare Ads Than Cheaper Drugs

The White House today announced it will be spending another $18 million of taxpayer money on television ads promoting its new Medicare bill. Not only was the last round of ads criticized by government regulators as misleading, but the White House is on track to spend more Medicare money on television ads ($80 million) than its own FDA commissioner says is necessary to create a safe system to import cheaper, FDA-approved prescription medicines from abroad ($58 million).

Linux Security HOWTO

This document is a general overview of security issues that face the administrator of Linux systems. It covers general security philosophy and a number of specific examples of how to better secure your Linux system from intruders. Also included are pointers to security-related material and programs. Improvements, constructive criticism, additions and corrections are gratefully accepted.

April 27, 2004
Desktop Manager

Desktop Manager is my own pet project to implement a (hopefully) easy to use virtual desktop manager for OS X. I've put it up here in the hope that it will be useful to others. Simply run the app and the desktops pager should appear in the status bar.

April 26, 2004
Web Developer Extension

The Web Developer extension for Mozilla Firefox and Mozilla adds a menu and a toolbar to the browser with various web developer tools.

Office 2003 vs. Openoffice.Org

"I'm not an anti-Microsoft person, and I think Office is a good product," said Benincasa. "However, we are cautious with our IT budget, and I'd prefer to spend money that directly relates to our business, like investing in things like hardware. Office 97 does everything we want it to do, and we would stay on that suite if we could. It pains me to have to spend money for features and functions most of my end users won't even begin to need."

Using a GPS watch, XML, and satellite photos

I've received a lot of emails about a project on my running for geeks web site, so I thought I'd show how I make high resolution maps of the places you jog, with the tracks overlaid on top. This is all possible using a GPS-enabled watch, called the Forerunner 201 from Garmin, the included software (Logbook) and a free application called USAPhotoMaps.

April 23, 2004
Securing a fresh Linux install, part 3

In the previous article in this series we looked at ways to secure files and monitor system logs on a Linux server. To finish the series we'll look at security considerations for some important networking tools.

April 18, 2004
Stealing an Election

The track record of the computerized voting machines used to date has been abysmal; stories of errors are legion. Here's another way to look at the issue: what are the economics of trying to steal an election?

Let's look at the 2002 election results for the 435 seats in the House of Representatives. In order to gain control of the House, the Democrats would have needed to win 23 more seats. According to actual voting data (pulled off the ABC News website), the Democrats could have won these 23 seats by swinging 163,953 votes from Republican to Democrat, out of the total 65,812,545 cast for both parties. (The total number of votes cast is actually a bit higher; this analysis only uses data for the winning and second-place candidates.)

This means that the Democrats could have gained the majority in the House by switching less than 1/4 of one percent of the total votes -- less than one in 250 votes.

April 17, 2004
Apache Hello World Benchmarks

Welcome to the Hello World! benchmarks. This site seeks to give its visitors a sense of web application execution speed on various software platforms running under the Apache web server.

April 15, 2004
Debian alert: New mysql packages fix insecure temporary file creation

Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user.

April 12, 2004
Tutorial: Setting Up Samba 3.x - OSNews.com

Recently I got the opportunity to set up a new lab for a small school. The server runs Linux and the workstations run Windows XP. There are 3 levels of access on the workstations (admin, teacher, and student) and security on the workstations is based on Windows policies applied at logon.

A Manifesto for Collaborative Tools

This essay is a manifesto about software for collaboration -- why the world's future depends on it, why the current crop of tools isn't good enough, and what programmers can and must do about it.

April 11, 2004
Creating custom kernels with Debian's kernel-package system

This document is intended to help Debian newbies use the kernel-package system to create custom kernels.

April 08, 2004
ModSecurity - Web Intrusion Detection And Prevention

ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

Centralized Printing Using CUPS

Love or hate it, printing is something every user needs to do. In today's heterogeneous computing environment, providing a centralized printing solution can prove to be a pain. The days of having a large, dedicated printer for only UNIX systems are pretty much gone. I still remember the days of de-batching prints and sending them to users. Increasingly, system administrators find themselves having to make their UNIX systems print to printers sitting next to desks that are scattered throughout the company. Add to that the need for increased security, and you could find that firewalls also need to be navigated.

Such a situation exists where I work. A number of printers are scattered throughout the company, with UNIX systems sitting on different LANs and firewalls in between. None of the systems can talk directly to the LAN to which the printers are connected.

Wow. I thought I was paranoid.

I've never even considered firewalling off my print LAN...

April 07, 2004
Is there a rootkit hunter in your arsenal?

It's been about three years since I woke up one morning and discovered my Web/mail server was rooted. Thinking back, I must have assumed that just running Linux was enough to keep me out of harm's way. These days I am not so cocky. I try to keep current with security patches for the apps I run. I don't run services I don't need or use. And there is a firewall between me and the wild. One thing I haven't made a part of my regular routine -- not yet, at least -- is checking for rootkits on a regular basis. That may be about to change, since I found a nifty little project called rootkit hunter.

New Life for Old Microsoft Access Data

I recently had just such a problem. A community organization I worked with had a PC-based application with a rather large membership database in Microsoft Access format. A custom program from a third party had been written to work with the database, but in time the license had expired and there was no longer a way to get an update of the software. As luck would have it, the information had suddenly become important again. We had the old database backed up and stored on a Linux system. In our new open source world, plenty of powerful databases, such as the Oracle Database on Linux, were available to us. One option would have been to purchase a copy of Microsoft Access and create an application, but that would have involved locking ourselves into the same proprietary mold that had gotten us into this mess in the first place. Furthermore, the organization wanted to be able to access this data remotely from a secure server.

Going Microsoft again wasn't a desirable option. Linux would be the foundation for this new database server, and it would run an industry-standard SQL database. So how would we go about extracting the data trapped in the old MDB files without resorting to setting up a Windows server with a new Access license and another lock-in to a single-architecture solution?

A Portable Thin Client Approach

We were aware of several open-source thin client projects, most notably, the Linux Terminal Server Project (www.ltsp.org) and Netstation (netstation.sourceforge.net). Although these packages have proven popular, we found them complicated to set up and maintain. They required us to put together a tightly coupled server and client environment: critical client files needed to be served through NFS, for example.

An approach we liked better was the Virtual Network Computer (VNC) from AT&T (www.uk.research.att.com/vnc). VNC is a remote display system that allows you to view a computing desktop environment from anywhere on a network and control it as if you were sitting in front of that computer. The beauty of VNC is that it works with a wide variety of platforms for both the client and the server. The server and the clients communicate primarily through the VNC protocol, so they are not as tightly linked. We could run it on almost any type of client and any type of server.

April 06, 2004
MythTV on a dedicated Eden/PVR350 Mythbox Walkthrough

This document describes the installation of MythTV from scratch on a dedicated Mythbox using Debian GNU/Linux NetInst. You'll need a working internet connection (server/router or similar).

Overcoming Asymmetric Routing on Multi-Homed Servers

Most of the traffic volume on a Web server is outgoing because HTTP responses tend to be much larger than are requests. Therefore, the effective bandwidth of this server still is limited to 100Mb/sec, even though it has two load-balanced interfaces. Load balancing the requests alone does not help, because the bottleneck is on the response side. Packets either use the default rule through eth0 or, if they are destined for the local subnet they have to choose between two equally weighted routes. In that case the first route (again to eth0) is selected. The end result is the Web requests are balanced evenly across eth0 and eth1, but the larger and more important responses all are funneled through a bottleneck on eth0.