In a previous post about blacklisting IP ranges used by China I stated why I feel it’s a valid approach. I think I should clarify my own actions when it comes to things like this. Any servers that are owned and admined by me alone (Bytemark Virtual machines, friends servers etc) have a number of deny rules in place to drop connections to a number of important ports (SSH, SSL etc) to reduce the attack vectors provided by the servers. Read on →

Heres my feature request for Gmail, a service I’m mostly happy with. It’d be nice if you could set up read only access to your inbox, or even designated ‘labels’ that you could limit by either assigning a password or allowing full (read) access to everyone. I pipe quite a few mailing lists into my GMail account and I’d like the ability to give certain people read access to anything labled as security. Read on →

Quite soon the Chinese government won’t have to try to censor the net. The western world will just filter off all the traffic coming from China, doing the job much more efficiently. The above quote came from a Slashdot article on China and its Relation With Spam. I don’t normally read the comments on Slashdot articles but I had a hunch some of the posts to this one would be quite extreme; SPAM is one thing that drives most geeks nuts. Read on →

Firstly I need to try and get on to the VMWare beta program instead of only reading about the neat new changes from articles like Flexbetas Inside VMWare Workstation 5.0 Beta. Secondly I’d like to get my hands on this release for two main reasons, firstly the ability to stop and start groups of machines at once would make testing certain sets of machines (webserver and database server used by it for storage) a lot nicer. Read on →

I’m not a big fan of unmarked links pointing to resources that require an external viewer. The worst of these formats, such as PDFs or the Microsoft Office formats, cause the browser to pretty much halt for a couple of seconds while the viewer is loaded and then change the behaviour of the UI (if you are viewing a PDF in FireFox for example, Ctrl-W will not close that tab) in a way that seems designed to annoy people who know how to use the keyboard. Read on →

From an article called Faster Python grabs programmers: The new version of Python includes a new module that allows system administrators to use small Python programs instead of shell scripts, said Michael McLay, a consultant who is the resident Python expert for the nonprofit Center of Open Source and Government. Shell scripts, written to execute routine system administration tasks, have more security vulnerabilities and offer less feedback when errors occur, McLay said. Read on →

Although it actually sounds pretty fast, when you actually start benchmarking it, Gigabit Ethernet isn’t quite as good a solution as you’d think. As more and more commercial deployments move to using SANs and NAS for online storage and backups it’s increasingly easy to saturate existing LANs. One possible solution as people start to look at 10 and 100Gbps networks is FireEngine (PDF), a set of architecture changes and improvements for Solaris 10. Read on →

Google recently held a short talk in London (they are recruiting for their ‘new’ Dublin office) that covered a couple of interesting topics such as redundancy using commodity technology (LOTS of cheap machines with the same data), how to create rolling brown outs (rooms packed full of 80 1U servers in every rack seems to do it) and how to horizontally scale everything to meet their needs. The one slide that really caught my attention was mostly flippant but makes an important point about the kind of traffic they are dealing with: 1000 queries per second ... Read on →

There has recently been a thread about PHP easter eggs on the webappsec security list. In essence if you call ANY PHP page with certain parameters custom pages will be returned. Here’s an example of the PHP Credits Page. It may seem a little petty to complain about such a small thing in a code-base provided for free but there is a more serious aspect to this, the pages returned vary depending on the version of PHP you run so it’s possible to use this to determine which version the server is running; even if you’ve changed the ServerTokens directive to something more restrictive than the default. Read on →

I wasn’t going to mention this but I’m on dial-up this week and so dog slow down-loading has become an issue for me and this tool might be useful for people in a similar position. The short version is that the packages/Sources file is quite big, down-loading it each day can actually be quite a big hit in terms of bandwidth, apt-dupdate plans to get around this using bzipped diffs rather than re-sending the whole thing. Read on →