Friday, September 28, 2007

Antigen SPAM Gateway


Have you ever had the feeling that all your spam (millions of mails a week, usually up to 95% of all mail traffic) is caused by a very small number of people or viruses? Makes you wonder if it wouldn't be easier to just eliminate spam at the source. Sadly, laws are sketchy and are "impotent" (at best) and in need of "v1eagr4" when it comes to the issue of spammers.

Still, SMTP gateways, greylisting, tarpitting, stuttering SMTP responses, RBLs, antivirus software and such do a pretty good job, keeping spam under 1% (better results are achievable at the risk of eliminating actual requested or regular messages).

Monday, September 24, 2007

Steel insulators...


Yeah. That's right. Steel. Nice and flexible. That's one funky way to spell P L A S T I C (polyethylene or whatever). Makes for one hell of a coaxial cable, don't you think? (and no, it's not talking about the external copper mesh, they've already covered that).

Saturday, September 22, 2007

Cisco VPN client conflicts with VirtualPC and VMware

I've figured out why Cisco VPN client refused to install properly (froze while installing the Deterministic Network Enhancer (DNE)). It conflicts with the VMware virtual network adapters.

The same thing happens when installing Microsoft VirtualPC. It just freezes, and you need to do a system restore, or you won't be able to remove or reinstall it (and it won't work either).

The solution is to temporarily disable the VMware network adapters before you install VirtualPC or Cisco VPN Client.

BSD is GPL, reloaded.


A while back I posted a screenshot from a test. Well, this is from the course.

Yet another entry that says BSD operating systems are released under the GPL. Really, do the people who make this stuff up even bother to check their facts?

Friday, September 21, 2007

Windows Vista TrustedInstaller account.

In Windows Vista, the "TrustedInstaller" account is more trusted than all administrator accounts, so administrators can only _read_ files owned by the TrustedInstaller account. You cannot delete or change permissions of these files.

The problem is that system files in Vista are owned by this account, hence they cannot be touched. I recently had some problems installing the latest and greatest VPN client for Vista from Cisco, and I had to roll back to a previous restore point. So I couldn't delete the leftover files (or mess with permissions, not even in safe mode). I tried everything from procmon and file monitors, and nothing worked until I found some command line tools that allowed me to take over permissions for these files.

The commands that allow you to delete these files are: "takeown", which recovers access to a file that was denied by re-assigning file ownership, and "cacls" (deprecated in favor of "icacls"), which modifies file ACLs (access control lists).

An example of how these would work (just run them from powershell or cmd):


takeown /f "C:\Program Files\Cisco"
cacls "C:\Program Files\Cisco" /G cmihai:F


If that won't work:

cd "C:\Program Files\Cisco"
takeown /f *
cacls * /G Administrator:F


Now you should be able to delete those files. If you still have issues, take it one file at a time, or try to reboot to safe mode.

Wednesday, September 19, 2007

First look at Oracle 11g Database

Oracle has made available parts of Oracle 11g, including the database (Oracle Database 11g Release 1 (11.1.0.6.0) for Linux x86) and I figured I might as well give it a spin. Pity there isn't a Solaris version available yet, but I guess this will do.

I won't go through the trouble of getting a RHEL 4 or reinstalling Oracle Unbreakable Linux. I'll just use an updated CentOS 5 with all the dependencies installed.

After creating the oinstall and dba groups and adding the users (useradd -g oinstall -G dba oracle) it's usually a good idea to do some sysctl tuning unless you have the official Oracle rpm for Unbreakable Linux (see Oracle installation guide for details).

Once that's done, we can just unzip the download and we're off:
database/runInstaller




The list of security related changes in Oracle 11g is pretty impressive, and, as any security professional can tell you, it's about time!

  • Automatic Secure Configuration
  • New Password Protections
  • SYSDBA and SYSOPER Strong Authentication
  • SYSASM Privilege for Automatic Storage Management
  • Encryption Enhancements
  • Fine-Grained Access Control on Network Services on the Database
  • Oracle XML DB Security Enhancements
  • Directory Security Enhancements
  • Oracle Call Interface Security Enhancements

Interesting features include:

  • SQL Developer - Microsoft Access to Application Express migration
  • SQL Performance Analyzer, replay abilities, etc. (similar to Quest software: Spotlight, Foglight) and various tuning tools.
  • Hot patching



The connection to Microsoft Access databases (JET) is quite a nice feature. It allows migration without having to connect it to a MS SQL Server first and then connecting SQL Developer to that. It also keeps things in sync between Oracle SQL Developer and the .mdb file.


(much later that day...)

Well, I just came from the official Oracle Database 11g Launch here. They seem to have quite a strong partnership with HP and Intel. Seems like Intel does have an 80-core CPU in development also... neat.

I must admit, some of the new features look pretty impressive on paper (Flash Back and Total Recall), and Oracle Secure Files (though it does remind me of ZFS in an odd sort of way).

Speaking of which, Oracle Information Lifecycle Management (ILM) with policies and all that does remind me of Sun StorEdge QFS and SAM-FS. Interesting how that goes.

From what I've seen so far, the update to Oracle 11g seems worth the trouble (though I'd generally give it more time for testing). They will be stepping on quite a few toes, implementing features that are a bit similar to those found in other products... though, knowing Oracle, they could probably just buy them all. After all, they did acquire like 34 companies since 2005 ;-).

Tuesday, September 18, 2007

AMD - Ati Open Source Graphics Driver Development Initiative

AMD announces support for open source driver development.

"To accelerate this initiative, AMD partnered with Novell’s SuSE Linux engineering team. The initial release includes source code and hardware specifications to engage the Open Source community for collaboration on 2D graphics drivers.

Over the following months, AMD will work with the community to enable 2D, 3D and video playback acceleration to provide the best possible experience on the Linux desktop. This strategy complements and enhances AMD's existing support of the Linux community through its regularly released high performance Catalyst driver."

I wonder if this means they'll disclose hardware issues they (try) to fix in software and drivers, as well as any special "optimizations"...

Now that Intel and ATI drivers have some sort of open source future, what will NVIDIA do?

Matching a TCP port to a process PID.

In Linux there is:


"lsof -p $PID -a -i 4" to list all ports used by a process

or

"lsof -i 4:$PORT" to list which process is using a port.


The problem is that the Solaris port of lsof is broken and cannot match ports/pids. Also, lsof isn't in Solaris, being a 3rd party application you need to install yourself (blastwave, etc).

Netstat doesn't help us either, but there are 2 native Solaris tools that do: pfiles and fuser.


for x in `ps -ef | awk 'NR > 1 { print $2 }'`; do echo PID: $x ; pfiles $x | grep "port: "; done

or

ps -e -o pid= | xargs -t -n1 pfiles | grep "port: $PORT"
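
The grep in the one-liners above matches "port: $PORT" as a substring, so port 22 also hits 2200 and the remote (peername) end of outbound connections. An added example (not from the original post) that parses pfiles output and matches the local port exactly; the sample pfiles text and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: map local ports to PIDs from pfiles output (format assumed).

# Read pfiles output on stdin; print "PID PORT COMMAND" for each local socket.
pfiles_ports() {
    awk '
        # Process header, e.g. "412:  /usr/lib/ssh/sshd" (fd lines are indented)
        /^[0-9]+:/ { pid = $1; sub(/:$/, "", pid); cmd = $2; next }
        # sockname = local end of the socket; peername (remote end) is ignored
        $1 == "sockname:" {
            for (i = 2; i < NF; i++)
                if ($i == "port:") print pid, $(i + 1), cmd
        }'
}

# Print the PIDs bound to local port $1, comparing the whole number.
pids_for_port() {
    pfiles_ports | awk -v port="$1" '$2 == port { print $1 }' | sort -un
}

# Constructed sample of pfiles output for two processes (not captured data).
sample_pfiles() {
    cat <<'EOF'
412:    /usr/lib/ssh/sshd
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0666 dev:332,0 ino:4101 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 22
977:    /opt/demo/agent
  Current rlimit: 256 file descriptors
   4: S_IFSOCK mode:0666 dev:332,0 ino:5120 uid:100 gid:100 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 2200
   5: S_IFSOCK mode:0666 dev:332,0 ino:5121 uid:100 gid:100 size:0
      O_RDWR
        sockname: AF_INET 192.0.2.10  port: 40022
        peername: AF_INET 192.0.2.20  port: 22
EOF
}

# On Solaris: ps -e -o pid= | xargs -n1 pfiles 2>/dev/null | pids_for_port 22
sample_pfiles | pids_for_port 22
```

On the sample, the plain grep for "port: 22" returns three lines across both processes, while pids_for_port 22 returns only the process actually bound to local port 22.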


Another interesting alternative is PCP (it basically does the same thing, but adds some indentation and such):
http://www.unix.ms/pcp/

PCP is a script that enables administrators to see what open TCP ports are in use on a Solaris system. It maps ports to PIDs and vice versa. It accepts wildcards and will also show at a glance all open ports and their corresponding PIDs. I wrote it because I couldn't install lsof where I was working, and "lsof -i" is a great addition to any UNIX admin's toolbox. PCP is a half-decent alternative.

Monday, September 17, 2007

The wonders of Akamai

I got a really nice 404 while trying to download some Windows tool today...


Don't get too excited over nothing though, it's just the Akamai mirroring system download.microsoft.com uses... though it's a lot more fun when you see it as a 404 than when you'd telnet port 80 or sniff traffic to see http responses ;-).

Saturday, September 15, 2007

SCO filed for bankruptcy

Looks like they finally went belly up... never a good idea to mess with Big Blue (sue IBM&CO). They seem to owe money to Novell too...
The SCO Group Files Chapter 11 to Protect Assets as It Addresses Potential Financial and Legal Challenges:
http://biz.yahoo.com/prnews/070914/laf040.html?.v=101

Friday, September 14, 2007

BSD... is now GPL?!



Well, this is news to me... Sigh. Makes you wonder if the people who make these certification tests even bother to get their facts straight.

Wednesday, September 12, 2007

VMware Open Sources VMware Tools!

http://open-vm-tools.sourceforge.net/
Open Virtual Machine Tools!!! Expect to have them on your favourite OS soon :-).

QNX Publishes the Source Code



QNX is a UNIX-like RTOS (Real Time Operating System) that powers everything from Cisco IOS-XR (ultra high availability IOS) to safety inspection 3D imagery tools that scan the exterior of the shuttle Discovery.


Now it seems they're trying to regain community support, and have published their source code.

http://www.qnx.com/news/pr_2471_1.html
Big news for QNX fans.