Fri, 14 May 2010 18:18:37 -0600 http://www.kislinux.org/ PostNuke Powered Site en-us http://www.kislinux.org/images/logo.gif http://www.kislinux.org/ bphinney_mail@kislinux.org http://www.kislinux.org/Article197.html Update: Whew, been a long time since I updated the site. I expect no one actually reads this but my wife went to it by mistake and then reminded me that I had not posted an update in a long time. Fri, 14 May 2010 18:18:37 -0600 http://www.kislinux.org/Article196.html So, about 3 months since my last post. Busy busy. I have moved into a new home in the North suburbs of Atlanta. Up in Cumming. It is a really nice place, albeit, much more expensive than the old homestead. But the location couldn't be any nicer and we really like the community we are in. Making major changes to the home as well, getting a fence put up around the back yard and trying to get some other stuff finished off. We also have a new addition to our household, Buddy is a 2 year old Beagle and is just the sweetest, cutest dog. He has a few weak spots that we are working on but most of them just amount to him being a Beagle. He is about the beaglest beagle I have ever run across. Headstrong, stubborn, and a bundle of energy. But, he loves to cuddle and my wife has really taken to him. Thu, 28 Aug 2008 05:00:41 -0600 http://www.kislinux.org/Article195.html Well, it has been a busy few months since my last post. My new job is still going strong and I have been very occupied getting things done. The new gig is a lot more Unix Admin oriented, along with the normal routine supporting Application servers and applications. Different type of applications than I am used to supporting with a totally different emphasis, so getting up to speed has been quite a challenge. Wed, 07 May 2008 05:19:57 -0600 http://www.kislinux.org/Article194.html Well, apparently some comment spammers found my site at some point and had started the process of automating comment spam into my articles. I have disabled comments, deleted all comments from the database directly and removed the user accounts that were created by the comment spammers (most were using email addresses in China) and generally cleaned up some of the areas of the site that enticed them to visit it. Wed, 19 Dec 2007 11:01:36 -0700 http://www.kislinux.org/Article193.html Another quick update. I am still caught up with changes and new things. I have a new civilian job after 5 years. Nice to be back in the private sector after such a long time working in government. But, it is more of a challenge, faster-paced and requires a lot more work. So, I have been very busy trying to get things moving there so that hopefully, when I am done, I will be able to relax a bit more. The new version of Mandriva, 2008 is out and I have upgraded both of my home machines to the new version. This particular upgrade process went very smoothly so I have to give credit to the developers, they are producing better and higher quality releases with each new version. Sun, 21 Oct 2007 09:42:34 -0600 http://www.kislinux.org/Article192.html After a very extended absence, I have finally returned. There have been no updates to the site since before March because I have been caught up with real life. For the record, I am in the Army Reserve and I needed to attend training for my specific Miltary Occupational Specialty. It took a long time and during that time, I was not able to make any specific updates to the site. My impending absence was the original reason that I moved all my web sites and other items to a dedicated hosting provider rather than continue to host them from my location. Tue, 28 Aug 2007 11:55:41 -0600 http://www.kislinux.org/Article191.html The Web Server has been moved to a new hosting provider. Fri, 12 Jan 2007 10:01:04 -0700 http://www.kislinux.org/Article190.html The mod_security module for Apache is one of the most versatile and easiest ways to provide a lot of security for Apache without too much effort. The hardest part of implementing mod_security is matching up the actual rules to your particular webserver so that you are blocking potential exploits but allowing traffic that is expected and necessary. For instance, there are a lot of PHP exploits that can be used against Apache, however, in most cases, you will only be running one or two of the potential PHP applications that those exploits are targeting. Normal security precautions would recommend that you limit your exposure by making sure that you keep current with security packages for those applications while disallowing all other PHP application traffic. This is where it becomes necessary to customize rules for mod_security to distinguish between normal expected requests and requests that you know are exploits. Caveats: I run Mandriva 2006 and this howto assumes that you are running Apache 2 within the Mandriva 2006 version of the distribution. If you are not, you will need to check and alter paths as needed. Also, this howto assumes that you already have a working installation of mod_security. Mon, 20 Feb 2006 10:41:30 -0700 http://www.kislinux.org/Article189.html Often when you hook up a new and sometimes expensive LCD Monitor under Linux, you may be underwhelmed by the result. If fact, in many cases, you will notice major discrepancies between the quality of the display under an OS like Windows and that provided by Xwindows under Linux. This is usually not the fault, necessarily of Linux. Manufacturers provide specific settings to Microsoft for inclusion in their OS, and even when they don't, they can provide an information file that tells Windows all of the details about the settings of the Monitor. Also, there is a specific technology that Monitors use to communicate their settings to the OS. Extended Display Identification Data is a VESA standard data format that contains basic information about a monitor and its capabilities, including vendor information, maximum image size, color characteristics, factory pre-set timings, frequency range limits, and character strings for the monitor name and serial number. However, that sometimes doesn't work well with Linux and can either confuse the x-windows system, or cause x-windows to be overly conservative in configuring the display. Here is a way around that. Thu, 12 Jan 2006 20:40:52 -0700 http://www.kislinux.org/Article188.html As a follow-up article to yesterday's article on blocking Referral spam with mod_security, I thought that I would include a discussion and copy of a script that I am currently using as a proactive addition to help with blocking referral spam. First, we should discuss why it might be necessary to take additional steps beyond simply blocking with mod_security, and then I will discuss the specific steps that I take. Blocking wth mod_security will stop ongoing referral spam by causing the spammer to receive an error code and stopping him from infecting your blog or website with his referral spam. However, there are several other unwanted effects from referral spam and the mod_security solution does little to stop those. These include, using your excess bandwidth by hitting your site with multiple attempts to leave referral spam especially since referral spammers often use bots, including distruibuted zombie nets and they don't monitor the results of their traffic. Also, your log files will still fill with the errors caused by this traffic. What can we do about that? Thu, 05 Jan 2006 10:23:56 -0700 http://www.kislinux.org/Article187.html Referral spam has become a major problem on most blogs and even on some very unrelated websites. Basically, referral spam is the act of accessing a web site using a referrer in the header which is then added into web stats for the site as a referrer. On those sites that actively publish their referrers, these show up as links to those URL's which search engines may index. For engines such as Google, lots of referrer links can effectively raise the PageRank of the URL within the Search Engine. Also, sometimes users will click on the URL's from the referral page to see what kinds of sites are linking to that site. This results in traffic. The majority of people engaging in referral spam are the usual suspects who also engage in email spam. I could give you a list but it doesn't really matter. Basically, they have no interest in your site other than trying to earn mileage from your traffic and bandwidth. In most cases, the spammer themselves never even see your own content, they are using bots, either from zombie bot nets or through open proxies to send GET or HEAD requests and they don't even monitor or wait for a reply but simply initiate another request to build the referrer link. Wed, 04 Jan 2006 13:29:13 -0700 http://www.kislinux.org/Article186.html I am running Mandriva 2006 on a Dell laptop which has built in SmartLink modem. Although I do have an external serial modem that I can use with the laptop, convenience makes it simpler to get the internal modem working under Linux. The Powerpack version of Mandriva 2006 includes a pre-compiled kernel module for the SmartLink modem but once you start upgrading the Kernel to the latest supported version, you either need access to a new pre-compiled version, or you need to roll your own. This article will tak about how to go about rolling your own. Wed, 28 Dec 2005 09:11:50 -0700 http://www.kislinux.org/Article185.html This article is another follow-up to the rate limiting features of Shorewall. I am basically posting the results to show what happens once the rate limiter is in place and you get inevitable attempts to brute-force SSH connections. Wed, 14 Dec 2005 11:10:31 -0700 http://www.kislinux.org/Article184.html This article is basically a follow-up to the last article where I mentioned how to configure Shorewall to limit the number of connections per IP to SSH in order to restrict Brute-Force attempts against SSH. This article will provide a howto for setting up a generic per-IP rate limit that can be reused for multiple ports, services and connections with different limits depending on how you configure the rules. This would allow you to, for example, setup SSH with a 3 connection per IP each minute limit, and also setup FTP with 4 connections per IP per minute to help guard against brute force attacks directed at an FTP server as well. Wed, 14 Dec 2005 11:08:48 -0700 http://www.kislinux.org/Article183.html A new netfilter called recent has been added to IPTables and newer versions of Shorewall can actually use this netfilter for varied functionality. This article will basically talk about how to use this netfilter to protect against Brute Force attacks against SSH which is a current issue as Linux gets more popular. While SSH itself is fairly secure against most of these scripted attacks, they are still fairly annoying for most admins who monitor systems because they take up space in the log files and all the extra "noise" can possibly be used to mask a successful attempt to compromise a system. Wed, 14 Dec 2005 11:07:00 -0700 http://www.kislinux.org/Article182.html This article is basically a follow-up to the last article where I mentioned how to configure Shorewall to limit the number of connections per IP to SSH in order to restrict Brute-Force attempts against SSH. This article will provide a howto for setting up a generic per-IP rate limit that can be reused for multiple ports, services and connections with different limits depending on how you configure the rules. This would allow you to, for example, setup SSH with a 3 connection per IP each minute limit, and also setup FTP with 4 connections per IP per minute to help guard against brute force attacks directed at an FTP server as well. Sat, 10 Dec 2005 16:25:03 -0700 http://www.kislinux.org/Article181.html A new netfilter called recent has been added to IPTables and newer versions of Shorewall can actually use this netfilter for varied functionality. This article will basically talk about how to use this netfilter to protect against Brute Force attacks against SSH which is a current issue as Linux gets more popular. While SSH itself is fairly secure against most of these scripted attacks, they are still fairly annoying for most admins who monitor systems because they take up space in the log files and all the extra "noise" can possibly be used to mask a successful attempt to compromise a system. At any rate, it is possible to restrict the number of attempts that each IP gets to connect on particular ports. While this could also be used to build a DOS protection scheme, it is particularly useful in protecting against unrestricted Brute Force attacks against SSH. Now, on to the details: Thu, 08 Dec 2005 07:53:18 -0700 http://www.kislinux.org/Article180.html Desktop Linux highlights a story from an author who moved his elderly mother and father from Windows to Linux. "The author explains how he moved his elderly parents from a problematic Windows XP desktop system to Mandriva PowerPack 10, leaving spyware, viruses, slow performance, and myriad other problems behind." Mon, 05 Dec 2005 16:36:49 -0700 http://www.kislinux.org/Article179.html You thought God, capital punishment, and fur pillows were controversial? Try sitting down with database designers and asking them to define a relational database. And as long as you don’t mind a little blood on the carpet, try arguing that MySQL isn’t even a database system, leave alone relational. The gist of criticisms have gone like this: “Don’t make me laugh. MySQL is not a transaction database. It’s good in that it’s fast, it can query information and assemble that information, but that’s about it.” Stored procedures, views, and other features were often listed as missing from MySQL and proof points of its inferiority as an enterprise choice. As Zack Urlocker, MySQL’s Marketing vice president, remarks: “People’s perceptions are sometimes locked into earlier versions of MySQL.” The curious divided screen—MySQL’s enormous user base of 5 million users from free downloads and 5,000 paying customers—and perceptions that MySQL is still too much a work in progress—has not deterred MySQL’s developers from working for progress toward enhancements and tools. And now that MySQL 5.0 is getting readied for prime-time (Urlocker says 5.0 is targeted for production in Q2), old perceptions could be looking even lamer. Mon, 05 Dec 2005 08:52:31 -0700 http://www.kislinux.org/Article178.html One of the hottest topics in all of IT today is the subject of virtualization. While it has been around for some time, it has just recently started to garner the attention of the biggest names in tech. Everyone from Intel and AMD, to Microsoft, Sun, and virtually every commercial Linux vendor has either current or planned support for virtualization. So what is it, and why is everyone so head over heels about it? Virtualization comes chiefly in two forms, hardware or software virtualization. The most well known is likely hardware emulation. In this type of virtualization, the host OS provides a layer which translates the usual system functions of the guest OS. For example, VMware running on Linux but also running a Windows OS inside the application. In this situation, VMware intercepts the calls Windows makes to the actual physical hardware and translates those calls into a manner in which the Linux kernel can understand. So if Windows says it needs access to the BIOS or video card, VMware steps in and takes the message then acts as a translator and asks the Linux kernel to please provide the needed information or run the processes, once that information or process is complete then VMware must take the translation back in the other direction, from Linux to Windows. The guest OS is provided with a complete, virtual environment in which to carry out its duties. This environment can even be made to emulate hardware that the host OS doesn't even have access to (such as a PDP-10 emulator allowing ancient Unix code code to run on top of Linux). As you can see, this type of virtualization has one inherent flaw, guest OS's will never be as fast or responsive as the host due to the translation that must occur. This limitation with emulation has been worked around and made to be a relatively small enough issue that many still rely on such solutions. This issue of speed, or the lack thereof, was much more significant in the past due to physically slower hardware. Even with todays hardware, the difference can be quite noticeable for some applications. Therefore, this type of virtualization has always been considered by many as more of a workaround than a perfect solution. Luckily, hardware virtualization technology did not stop with emulation. But we'll get back to that shortly. Mon, 05 Dec 2005 08:47:18 -0700 http://www.kislinux.org/Article177.html Encouraged by a solid 3,300 user responses to its Desktop Linux survey, the Open Source Development Labs (OSDL) Desktop Linux Working Group (DTL) Tuesday thanked all its respondents by email and began sifting through the mountain of data the survey provided. The month-long online survey focused on determining the key issues driving Linux on the desktop as well as the major barriers to Linux desktop adoption, OSDL officials said. "What was most surprising to us was probably the top two reasons given for deploying Linux on the desktop," OSDL's Principal Analyst Dave Rosenberg told Ziff Davis Internet. "It's not TCO (total cost of ownership), or security, or lack of license fees. It was 'employees requesting Linux (user demand)' and because 'my competitors have successfully deployed Linux.' " Wed, 30 Nov 2005 12:54:53 -0700 http://www.kislinux.org/Article176.html A recent report authored by Security Innovation tried to set a methodology and track real world IT pain from installing and maintaining both a Windows Server and a Linux server in the Enterprise. The study itself was sponsored by Microsoft and not-unsurprisingly, came to the conclusion (as all MS sponsored studies tend to do) that Windows caused less IT pain than Linux. The author of the study has been very forthcoming in attempting to defend his methodology and stress that the study itself was independent of the funding and was not MS sponsored FUD (Fear, Uncertainty and Doubt) that has characertistically been part of the MS Get the Facts campaign. Paul Murphy looks at the study and determines why it fails to adequately address real world comparisons and gives Windows a built-in advantage over Linux. Tue, 29 Nov 2005 11:51:52 -0700 http://www.kislinux.org/Article175.html Crashes, viruses, worms, patches, forced-upgrades... Despite all these drawbacks, why does Windows still dominate the PC desktop? Why haven't users switched to Mac or Linux? Tony Bove answers these questions and explains how to "escape the Beast from Redmond and still function," in his new book, Just Say No to Microsoft. According to its publisher, Just Say No to Microsoft is an entertaining overview of the computer desktop world, but it also features practical information about alternative operating systems and programs that will help Microsoft captives exercise their freedom of choice. After tracing Microsoft's rise from tiny startup to "monopolistic juggernaut," Just Say No to Microsoft "chronicles how the company's practices have discouraged innovation, stunted competition, and helped foster an environment ripe for viruses, bugs, and hackers." Bove also examines other operating systems, such as Linux and Macintosh, and Microsoft Office alternatives that will keep readers productive and able to interact with their Microsoft-using colleagues and friends without missing a beat. Thu, 03 Nov 2005 10:18:36 -0700 http://www.kislinux.org/Article174.html Computer buyers interested in obtaining a pre-loaded Mandriva Linux laptop from a mainstream manufacturer (Dell) can now do so, but they have to buy it through a French sales outlet, reports Steven J. Vaughan Nichols in eWEEK.com. "This is the first time any Dell laptop with pre-installed Linux has been sold or supported by Dell," Vaughn-Nichols writes. "Previously, only Dell N-Series Precision Workstations with Red Hat Linux were available from Dell." Thu, 22 Sep 2005 08:13:57 -0600 http://www.kislinux.org/Article173.html Indonesia's Ministry of Research and Technology Thursday said it will implement a Java Desktop System (JDS) on Linux as a national-standard desktop, customed-designed for its own culture. This desktop software will be a major component of the new Indonesia Goes Open Source (IGOS) program that aims to help eliminate the "digital divide in the world's largest archipelago," the ministry and Sun Microsystems said in a joint announcement. The ministry said it will develop its own IGOS-branded software stack using JDS on Linux as the base platform. The agreement with Sun -- for an unspecified number of years -- has the goal of installing copies of the open source-based desktop across Indonesia, beginning with its government-affiliated offices, the ministry said. Mon, 19 Sep 2005 08:45:54 -0600