wiredfool

Archive for June, 2002

Fair Transportation

Bike wheels at the Fremont Fair

What a mess…

Today was a lost cause. I spent way too much time dealing with upgrading OpenSSH on boxes with 5 different Vendor/OS combos. It didn’t help that there were construction workers taking hammers to the stucco on the outside wall of the office.

For those of you not playing along at home, this looks bad. There’s a vulnerability that’s been around for a while that is apparently so exploitable that when a patch is produced, it’s going to be a major horse race between the sysadmins and the blackhats. And the blackhats are going to win a lot of those races.

But there’s this new feature that got released a week ago that in Theo’s words: “will one day save our asses”. Unfortunately, that feature doesn’t completely work on at least a few common platforms, one of which is Linux with a 2.2 kernel. If you don’t disable compression with the “Compression no” option, you can’t log in.

At least the sysadmins have a few days head start.

So: Easiest platform is Debian/woody. “sudo apt-get update” then “sudo apt-get install ssh”. Redhat 6.2 is a manual compile, not bad but nothing is in a standard location. And there’s that compression thing. Debian potato has this as a major version upgrade, so there are new keys and config file tweaking to make old RSA authenticated backups work. The Cobalt/Sun RAQ doesn’t ship with ssh, so it’s the friendly admins on the security list to the rescue.

Finally, there’s Apple and OS X. If I don’t hear from them in the next day or two, I’ll be compiling my own. But I really hope that there’s an OS package for this before Monday.

Because Monday is when OpenSSH 3.2 turns into a pumpkin with the release of the patch that tells every black hat where to look. At least there’s a mostly working version available before the meltdown. In the meantime, this could be an excellent time to do a little firewalling of ssh to just those locations that need access.

Wireless Fool

I should rename this wireless fool.

For the last week or so, the environment in the office has degraded. First they threatened to jackhammer. The movie theatre was taken out. Then they really did come with jackhammers to take out the concrete deck. Then little hammers to take out the stucco. Then a plastic canopy to seal off all the outside breezes and light. Now saws.

So I am in a local coffee shop (Capitol Hill Internet Cafe). Working wirelessly. Cellphone, Airport, and the occasional charge from the convenient outlet. And unlike Starbucks, the airport network is free and open, they have good coffee, and good food.

Bike x 2

“Test Pilot”

Weekend Pictures

2 small dogs and a trivia hammerhead.

Monitor Menagerie.

Turn 2 in the Ballard crit. Pro-1-2 race. I'm behind the camera, not in the race.

2 from the Ballard Criterium. One of the faster criterium courses in the area. It’s mostly flat, 4 cornered, and pretty wide.
The leaders early in the race.

This race is the fast guys, Pro & Cat 1,2. Kenny Williams won this one by bridging up from the pack to the lead group with one other rider, then dropping the other 2 in the lead group with a few minutes to go.

How To: Blackhole Email Server

Sometimes you just need a machine that you can throw email at and have it disappear into the ether. Maybe you want a honeypot, or maybe you want to load test email lists without annoying people. My last email blackhole was on a Linux box running qmail, but unfortunately that box was rooted and reformatted. Now all of my systems are running postfix, so it was time for a little updating.

The first step is to get postfix installed. This will vary from system to system, but it’s known to work on most unixen, including OSX. You want to set it up as a normal internet mail host operation if given the choice.

Then you need the following things:

A shell script null.sh in an accessible directory with the contents:

#! /bin/bash
echo 0;

Edit /etc/postfix/transport to include the following line, which sends all domains to the null transport. This even redirects the local mailer to your null script, so nothing gets delivered.

*       null:

Run the following command to rebuild the transport map:

postmap /etc/postfix/transport

Add the following lines to /etc/postfix/master.cf. This is the definition of the null transport. Substitute your path to the null shell script for [[PATH]]

null      unix  -       n       n       -       -       pipe
  user=nobody argv=[[PATH]]/null.sh ${user}

And finally, you need the following line in /etc/postfix/main.cf, which gives the path to the transport map that we defined above.

transport_maps = hash:/etc/postfix/transport

You should now be able to restart postfix using:

sudo postfix reload

Test sending some mail while watching the mail log, and you should see lines like:

Jun 11 22:02:03 cabbage postfix/cleanup[5449]: 548BA27227:
    message-id=<20020612050203.548BA27227@cabbage>
Jun 11 22:02:03 cabbage postfix/qmgr[2799]: 548BA27227: 
   from=<foo@example.com>, size=1346, nrcpt=1 (queue active)
Jun 11 22:02:03 cabbage postfix/pipe[5451]: 548BA27227: 
   to=<bar@example.com>, relay=null, delay=0, status=sent (*)

The last line shows that the message was sent to the null transport, and since the null transport has no way of going anywhere, that’s where it ends.

This is a basic blackhole for email. As with all things associated with email, it’s easy to embarrass yourself if you make a mistake. Some other good things to do to an email black hole are blocking outgoing connections to port 25 with firewall rules and removing the default route from the routing tables. You may even want to use an external firewall to prevent all outgoing connections.

***Update

For some unknown reason, the transport map isn’t picked up on OSX when postfix is built from source. (It works on Debian though). Setting default_transport = null in main.cf works in a similar manner, with the exception of local delivery.
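
To check that nothing escapes the blackhole, including the local delivery exception mentioned in the update, the mail log can be scanned for any delivery that did not go through the null transport. This is an added example, not part of the original post; the helper name find_leaks is hypothetical and the sample log lines are constructed, single-line versions of the format shown above.

```python
import re

# Constructed sample log: the two delivery-related lines from the post,
# plus three constructed deliveries that bypassed the null transport.
SAMPLE_LOG = """\
Jun 11 22:02:03 cabbage postfix/qmgr[2799]: 548BA27227: from=<foo@example.com>, size=1346, nrcpt=1 (queue active)
Jun 11 22:02:03 cabbage postfix/pipe[5451]: 548BA27227: to=<bar@example.com>, relay=null, delay=0, status=sent (*)
Jun 11 22:05:10 cabbage postfix/local[5460]: 6A1C027228: to=<root@cabbage>, relay=local, delay=0, status=sent (mailbox)
Jun 11 22:06:41 cabbage postfix/smtp[5471]: 7B2D027229: to=<baz@example.org>, relay=mx.example.org[192.0.2.25], delay=2, status=sent (250 ok)
Jun 11 22:07:02 cabbage postfix/smtp[5480]: 8C3E02722A: to=<qux@example.net>, relay=none, delay=30, status=deferred (connect to mx.example.net[192.0.2.26]: Connection timed out)
"""

# A delivery attempt line: daemon name, queue id, recipient, relay, status.
DELIVERY = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>,.*?relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+)"
)


def find_leaks(log_text, blackhole="null"):
    """Return delivery attempts that did not use the blackhole transport."""
    leaks = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m is None:
            continue  # cleanup/qmgr lines carry no delivery attempt
        if m["daemon"] == "pipe" and m["relay"] == blackhole:
            continue  # swallowed by the null transport, as intended
        leaks.append(m.groupdict())
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG):
        # status=sent means mail really left (or landed in a local mailbox);
        # status=deferred means only the firewall or routing stopped it.
        print("{qid} to={rcpt} via {daemon} relay={relay} status={status}".format(**leak))
```

A deferred smtp attempt is still worth fixing: it means the transport map was not applied and only the outgoing port 25 block kept the message in.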

Books and the Music Industry

The more I hear pundits talking and writing about the Music industry and the Book industry, the more I’m convinced that they’re in the same boat.

For the most part, the point of the big publishing houses is not to go about the business of getting books/music written/performed; it’s the promotion of the next hot title. The book industry has the high volume dreck, it has instant sellout potential when a book is mentioned on Oprah. It’s similar to the way that a hit single, if put in the right locations and helped with a little grease, will become a runaway success.

And both the book industry and the music industry are scared stiff by the internet.

But that view is the high level view that covers the fraction of a percent of the product that gets national attention. There’s far more out there than you have heard of, and it’s just waiting to be discovered. University presses published 135,000 books last year (figure from NPR tonight). There are countless small bands that can produce independent albums without the intervention of the big labels. In the last month, I’ve picked up three cds from local artists, all of whom produced most if not all of their music, none of them with a recording deal.

The difference, perhaps, is that the barrier to duplication for bands is much smaller. Locally, you can start with cover art and a cd-r, and $1200-$1800 later you’ve got 1000 copies of your cd. You can’t quite get a book duplicated for that.

So what is the future of the Music/Book business? Both exist to generate demand for things that artists produce. I’m not sure, but I’d venture a big guess that the same restrictions on use that will be pushed by the big publishers will ‘accidentally’ make it much harder to self publish.

Gardenburger and Fries Directory

Sometimes I just want pub food. Beer, Fries and Gardenburger. Sometimes served in the sun on a porch, sometimes in the dark.

But since I’ve driven around in circles trying to think of an appropriate place to go before, it’s time to collect and review the places so that I don’t have to drive in circles again.

So for a gardenburger and fries in the Wallingford/Ballard area of Seattle, look here.

Duke’s Greenlake

Duke’s has one garden burger on the menu. It is supposed to come with a salad, but they will replace it with fries if you ask and remind them. The fries are large home fries types, sort of like a large wedge of potato. They do have a good beer menu.

They have a nice location, a good porch for those sunny evenings, but the service is somewhat spotty. This seems to be a restaurant that is more popular for its location than its qualities as an eatery. It’s also a little more expensive than the alternatives, with the garden burger coming in at around $9.

Greenlake, west end on Greenlake ave.

The People’s Pub

The People’s Pub has a good selection of German beers. A garden burger is on the menu, but I haven’t tried it just yet. Their fries are good. When served during trivia night, they are thin, hot, and crispy.

We need to visit for dinner time to really check them out.

Ballard, 1/2 block down Ballard Ave from Market.
