Category Archives: Technology

Good Deed

Leave a reply

This morning the SSH scan detector software that I run (DenyHosts) sent me an email indicating that it had detected a SSH scan and blocked the host.

The host name it reported did not appear to be a dynamic host (like those usually assigned by DSL provider), so did a little digging to identify who owned the system.

I notified Terry about the problem … and they replied …

I just checked the .100 address and found that I had (in an unbelievable amount of stupidity) left a test account on the system, and someone from Italy was actively engaged in running an SSH scan from that account. I contacted their ISP, hopefully they will do something about it. I removed the account, and will be taking the machine down momentarily to be rebuilt after I back some data off of it. How embarrassing. Thanks for letting me know. I suppose it is time for me to install that bridging firewall running snort I’ve been meaning to build… gah!

Glad I could help, Terry. Chalk one up for the good guys.

[tags]ssh, security, linux[/tags]

Now I’m a ‘Pod’ people

3 Replies

Yes, it’s true. I’m officially an IPODder.

For reasons I won’t go into, my good friend Steve gave Ginny and I a $500 gift card to ABT Electronics (he’s a VERY good friend).

Today we decided to go over to ABT to see what we could get.

Talk about a madhouse … I thought Frys was crazy, but ABT was insane.

Steve showed us some of his the kitchen appliances he’s getting for the house he’s building … and then left us to make our purchases.

After looking at various items, we decided to get the following …

  • IPOD Nano 4gb for me, including
    • Apple care 2 year warranty
    • Arm band & protective skin
  • Bluetooth headset for Ginny’s cell phone
  • Clock Radio IPOD dock for Ginny

I chose the IPOD because my current MP3 player only has 256mb of memory … and I find it quite frustrating that it runs out of space when I try to put more than a few songs on it.

I wasn’t too thrilled with the size of the nano … but with the skin it’s got enough bulk (and protection) to satisfy me.

Oh yeah … even if you’re not shopping for electronics, I do recommend at least one visit to ABT to see some of their art installations. They have a huge fish tank, a granite globe that floats on water, and this really cool piece that has marbles rolling around tracks. Ginny and I stared at it for about 10 minutes.

The Gift of Compute

2 Replies

My mom needs a new computer … right now she has one of my old systems … a Pentium III 700mhz and a really junky 15″ monitor.

Since I no longer need theshire anymore (all the applications that were running on it have been moved to gondor), I figure I’ll give the system to mom.

Since her monitor is so junky also … I picked up a 19″ LCD display for myself, gave my old 19″ LCD display to Ginny, and took her 15″ LCD display for the servers (which frees up a lot of space on my computer workbench). Now I can also give mom a much nicer 17″ CRT display.

Dad just has to adjust her computer desk so the new monitor will fit. He groused about that when I told him what I was going to do.

Programmer Humor

Leave a reply

You can always tell what language a programmer works with by the way they names their kids.

  • COBOL programmers give their kids long hyphenated names … like ANNA-MARIA, MARIE-CLAIRE, or HORATIO-ALOYSIUS.
  • RPG programmers give their kids short names … like BOB, SUE, JOE, or AL.
  • C programmers don’t name their kids … they just point to them.

If you’re not a programmer, you probably won’t get it.

Backup Everything

3 Replies

Yes, this posting is in both the Life and Computer categories.

It’s just a reminder that you should backup EVERYTHING!

Your computer files, your insurance policies (which I have to do), AND the contact information on your internet domain registrations.

Specifically, make sure the contact information on your domain registrations has a valid email address that will work even if your normal email address isn’t working.

Case in point: I have a friend who’s internet domain has expired … and I’ve been trying to contact him about it because he has a lot of mail queuing up on my server. Unforunately, I don’t know if he’s actually receiving the mail because I can’t send to the email address he normally uses, and the email address on his domain registration seems kind of old.

[tags]email, domains, backup[/tags]

Another upgrade

3 Replies

This weekend I’m going to attempt another hardware upgrade.

The main mail server for midrange.com (rivendell) is showing it’s age … mind you, it’s still performing fine, but it’s pretty loud and it’s maintenance contract expired last month. A new contract would have costed $300, while a new server only cost $600.

So I got a new Dell PowerEdge SC430 (Pentium D, 3ghz, dual core, 1gb ram, 80gb DASD) to replace the current Dell PowerEdge SC600.

My plan is to backup the drives (mirrored pair) to a USB hard drive and then transplant the drives into the new server.

The only hitch is that the new server primarily runs on SATA, while my current drives are PATA. This I’m solving by getting an add-on ATA/133 card. I’ll set the system to boot off of the drives on the add-on card and use the SATA drive as swap space and a backup drive.

In the past, this kind of hardware upgrade went very smoothly. Mainly because Linux was able to detect the changed hardware and reconfigure itself appropriately. This is why I upgraded rivendell to Fedora Core 4. Redhat 8 would not have been able to deal with the new hardware.

Keep your fingers crossed.

Update 3/25 @ 3pm

Looks like the upgrade was a success!

There were a few minor glitches with the file system table (fstab) … since I put the main drives on the ATA/133 adapter card, they changed from being /dev/hda to /dev/hdc. I had to twiddle with the config to get it to boot properly.

And, in case you’re wondering, I did back it up to the USB drive. That took a bit of doing though, because the USB ports on the old system are ‘full’ speed (10mps). I had to put the USB drive on gondor and do the backup via the network in order to get it done in a reasonable amount of time.

[tags]Linux, Fedora, Dell, Poweredge, Upgrade[/tags]

Greylisting

3 Replies

For a while I’ve been using limited greylisting on my mail server with reasonably good success.

Last weekend I implemented site wide and I have to say the results are dramatic. The amount of spam (even low rated by spamassassin) has dropped off significantly.

Detailed information on greylisting can be found here, but in a nutshell:

Greylisting relies on the fact that spammers don’t use normal mail servers. Basically, the first time a mail server receives a mail delivery request, it responds with a soft failure … with a message indicating that greylisting is in effect and they should retry the delivery in certain amount of time (this is a human readable message, not machine readable). Since normal mail servers will accept this message and requeue the email for delivery, the email will then be delivered normally (probably on the next pass).

Spammers aren’t that persistent, so they just go on to their next target.

A good greylisting implementation retains the list of servers that have successfully delivered in a whitelist, so the next time they try to deliver there is no delay, the delay is only encountered once.

One downside of greylisting that I’ve found is that there is an increased chance of messages arriving out of order when a server tries it’s first message deliver. The reason is this … the first message delivery will be attempted and be rejected due to greylisting, if a different message delivery is attempted AFTER the greylisting delay has expired but BEFORE the first message is delivered, then the second message will be delivered and will be out of context.

I’ve got my mail server configured to greylist servers for only 2 minutes … so the next time the server tries to deliver, it’s almost certain to be successful.

I’m using milter-greylist with sendmail. It was easy to setup and works great.

[tags]spam, sendmail, greylisting, milter[/tags]

Patch the server

Leave a reply

A co-worker (Jon) sent out a email notification indicating that one of our internal server applications would have to be restarted in order to implement a modification … or “Patch”.

Being the smart-ass that I am … I replied …

Me: Man, you have got to get those servers to kick the nicotine habit … they are just not handling the patch that well

Jon: Ya, well the Nicorette kept gooping up the CPU fan, so we had to try something different

Jon’s response almost made me fall out of my chair laughing.

(Yes, I am easily amused)