Utah Open Source Planet

The trouble with pizza girls (and everyone else these days) is that they blog.

I love the internet and its bountious opportunities for citizen journalism.  Ten years ago you would never have heard this story.

Craig Burton has written a nice essay on why software infrastructure behaves differently, economically speaking, than other products and why that upsets the natural inclination most people have relative to protectionism. That, of course, is what the whole net neutrality debate is about.

As Craig says, artificially disrupting the "run to ubiquity" in the software infrastructure on which we all depend, disrupts all players: all

So here is my point about the inverted supply and demand model; today's core software infrastructure is made up of a core set of services. Roughly, file, print, web, database, directory, security, and the Internet protocol suite. Anything that artificially restricts the growth of this infrastructure compounds growth limitation on almost all technology across the board.

From Ruminations of a Software Man
Referenced Fri Aug 15 2008 09:48:23 GMT-0600 (MDT)

Tags: net+neutrality internet software infrastructure

I have been trying to come up with some more ways to make this site and the content more helpful for the community.  In my searching for new “features” I came across the Firefox feature of “Smart Keyword Search”.  This post is two part.  One, I’ll outline how to create a Smart Keyword Search item in Firefox specifically for this site and second create Smart Keyword Searches for any website.  This will allow you to quickly and easily search this sites contents anytime you need instruction on a topic!

Smart Keyword Search for Ubuntu Tutorials

To create a Smart Keyword Search for this site you’ll need to first right-click on the blog search field.  The search field is found on the top left above the Donate button.

The resulting window will ask for a name and a keyword.  The name is just for your use, allowing you to organize multiple keyword searches.  The keyword field is the keyword you’ll need to use to quick-search the site.  In the example below I used “Ubuntu Tutorials Search” for the Name and “ut” for the keyword.

Click “Add” to save the changes.  You can now quick-search this site for whatever it is you’re looking for by entering “ut <search term>” in your address bar.  To search for posts related to vmware, for example, you’d use:

ut vmware

Searching can be done from any tab, so you don’t even need to pull up the site first.  Quickly find the tutorials you need, simply and easily.

These steps work for any search form you can find on the web.  Right-click, “Add a Keyword for this Search…”, enter the keyword, and you’re done.

Other Points of Interest

• Improve Application Startup Times With Preload
• Install Adobe Acrobat Plugins For Firefox
• Firefox Shortcut Keys
• Tunnel Web and DNS Traffic Over SSH
• Mozilla Firefox Easter Eggs

Doc Searls must have spent some of his convalescence deep in thought. His recent essay Saving the Net III: Understanding its Frames is a great piece on how we understand and don't understand the Net. This is a long essay. You'll actually have to do some reading if you want to get the meat of Doc's argument. But it's worth the time.

Tags: internet politics regulation open+source

Not long ago the USB mouse that I’ve been using with my laptop finally died.  Granted it may have been due to me stubbing my toe on my backpack and crushing it during the middle of the night.  In any event, I’ve become pretty proficient in the use of keyboard shortcuts in Firefox at this point.  I thought I would share a few with you.

Navigation Shortcuts

Forward, backward, home, address bar and search bar can be done via keyboard shortcuts:

alt+Left Arrow : back

alt+Right Arrow : forward

alt+Home : Home

ctrl+L : address bar

F6 : address bar

ctrl+K : search bar

ctrl+K+Down Arrow : toggle search engine down

ctrl+K+Up Arrow : toggle search engine up

Tab Shortcuts

Opening, closing and navigating your tabs can be done via these shortcuts:

ctrl+t : new tab

ctrl+w : close tab

ctrl+Page Up : previous tab

ctrl+Page Down : next tab

ctrl+tab : next tab

alt+num (1, 2, 3, etc) : tab number

ctrl+shift+T : open recently closed tabs

ctrl+r : refresh tab content

ctrl+shift+r : force-refresh tab content

ctrl+u : view tab source

Are there any shortcuts that I’ve missed?  If you’ve got anything to share, comment.

Related

• Install Adobe Acrobat Plugins For Firefox
• Tunnel Web and DNS Traffic Over SSH
• Mozilla Firefox Easter Eggs

It’s been a while since I’ve blogged about the Flock Browser, and after checking it out today I thought it was time for an update here at Ubuntu Tutorials.  For all of you that are addicted to all of the social networking sites (Digg, Twitter, Facebook, del.icio.us, Flickr, etc) you get an integrated-into-the-browser experience with the Flock Browser.  Follow the steps below and give ‘er a try:

Install Flock Browser v1.2 on Ubuntu 8.04

Unfortunately there are no .deb packages for the Flock Browser so you’ll have to install things manually.  Yes, this’ll require some commands at the terminal.  Yes, I’ll give you cut-and-paste commands.  No, the terminal won’t eat your cat.

1. Download Flock Browser v1.2 and select “Save File” to store it on your Desktop.
2. Open a terminal and run: sudo tar -C /opt -xzvf Desktop/flock-*.tar.gz
3. Create a link to the new browser within your PATH: sudo ln -s /opt/flock/flock /usr/bin/flock-browser
4. Dump the following into a new file: /usr/share/applications/flock.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Flock
Comment=Flock Web Browser
Exec=flock-browser
Icon=/opt/flock/icons/mozicon128.png
StartupNotify=true
Terminal=false
Type=Application
Categories=Applications;Network

You should now have a new entry in your Applications menu called “Flock Web Browser” (your menu may need to refresh first).  You can also launch the browser from the terminal using the command:

flock-browser

Enjoy!  Anytime there is a Flock Browser update you should be able to safely repeat steps 1 and 2 and you’re set.

Random Posts

• How To Disable ipv6 on Ubuntu 7.10 “Gutsy Gibbon”
• Free Promotional Flyers Available for US LoCo Teams - Sponsored by System76
• nautilus-open-terminal : terminal quick launch
• KDE ‘Kompose’ (OSX Expose) : Ubuntu (6.06 / 6.10)
• Beginning Ubuntu Linux : From Novice to Professional
• FC5 Redeemed
• United States of Ubuntu : State of the Union
• One Week With KDE : My Challenge
• Synergy - share input between multiple machines : Ubuntu (6.06.1 / 6.10)
• Some Exciting News For Me

I ran into some Mozilla Firefox easter eggs this afternoon.  Do you have any more that I don’t know about?

Visit these addresses in Firefox 3:

about:mozilla
about:robots

Also some other interesting things to find:

about:config
about:cache
about:credits
about:license
about:buildconfig

(Reference to the “warranty” is a warning message and I’m sure its a joke.  Refer here to previous warning messages prior to this one.)

Related

• Tunnel Web and DNS Traffic Over SSH

I'm still trying to make sense of the news that Comcast is buying Plaxo (reported value of the deal between $100 and $200 M). I can't tell you how happy I am for Plaxo and especially Joseph Smarr who I have great respect for (see our Technometria interview with Joseph Smarr here).

Still, the discontinuity between what Plaxo is and what Comcast does is jarring--at least on the surface. I believe there is a fundamental conflict o interest between a company that does both transmission of traffic and sells other Internet services. Yeah, I know they all do it, but if the FCC wants to do something useful, they ought to separate those functions.

The fact that they have little real competition leads to problems like not treating customer fairly and throttling BitTorrent. That's a problem--but one that I believe will work itself out with more competition--and that's going to come one way or another. But the real problem is that Comcast offers many services that directly compete against the traffic they carry. Do we expect them to act in an unbiased manner in that regard? Sorry, I don't. Where's the Anti-Trust Department when you need them?

Tags: media internet itconversations

Clay Shirky has posted a transcript of his Web 2.0 talk "Gin, Television, and Social Surplus." In it Shirky argues that television was the safety valve that society used to sponge up all the excess cognitive capacity that we developed after World War II. In effect, the mindless activity of watching television kept people from going crazy with all the spare cycles that they had.

Shirky says that with the Internet and Web, we're starting to re-use that capacity for social good, finding ways to create value from what was previously wasted.

So how big is that surplus? So if you take Wikipedia as a kind of unit, all of Wikipedia, the whole project--every page, every edit, every talk page, every line of code, in every language that Wikipedia exists in--that represents something like the cumulation of 100 million hours of human thought. I worked this out with Martin Wattenberg at IBM; it's a back-of-the-envelope calculation, but it's the right order of magnitude, about 100 million hours of thought.

And television watching? Two hundred billion hours, in the U.S. alone, every year. Put another way, now that we have a unit, that's 2,000 Wikipedia projects a year spent watching television. Or put still another way, in the U.S., we spend 100 million hours every weekend, just watching the ads. This is a pretty big surplus. People asking, "Where do they find the time?" when they're looking at things like Wikipedia don't understand how tiny that entire project is, as a carve-out of this asset that's finally being dragged into what Tim calls an architecture of participation.

From Gin, Television, and Social Surplus - Here Comes Everybody
Referenced Tue Apr 29 2008 09:36:02 GMT-0600 (MDT)

Pretty interesting stuff. Go read the whole article.

Tags: web society internet

update: I have also found that prefetching is active in the Epiphany browser as well. The instructions to de-activate it are the same, see below.

I recently found out that Firefox has a feature called “prefetching” that tries to pre-download items that it suspects you might click on soon.  This could help in pre-downloading content that you would visit next (ie; it is linked on the page you are visiting therefore you might access it next), but it can also have the nasty negative effect of wasting your bandwidth on items you don’t ever want.  This can also download cookies from sites you haven’t visited, etc.  Seems like a nasty feature to me!

I also found that this prefetching feature will cause your connection to the ubuntuforums.org (and a few other sites) to be refused if you are also going through a squid proxy.  So, this is a quick suggestion on how you can disable prefetching in Firefox.

Disable Prefetching in Firefox

In your browsers address window enter the address:

about:config

This will pull up your browser settings (in FF3 it will warn you that there be dragons ahead!  Just accept the warning.)  You’ll now want to search for the following string, which you’ll toggle off:

network.prefetch-next

To toggle off this setting simple double-click the listing and it will set to false.  Prefetching items that you might download is now disabled.  Your machine will now kindly only download the content, cookies and images that you actually access directly.

So what is all this RSS hype? I've known about RSS feeds, what they are for, and how to use them for quite a while. It's not like they are new or anything! It wasn't until recently that I started to actually use them though. I didn't know what I was [...]

I realized the other day that the flashplugin-nonfree package appears to be broken.  It’ll act like its installing but at the end, if you pay close attention, it’ll give an error about the md5sum not matching and give up.  This applies to installing the package manually or via the browser notification itself.  I wanted to post a temporary fix while we wait for the package to be updated.

Manually Install Adobe Flash

1. Download the Flash for Linux archive
2. Unpack the archive (/tmp perhaps)
3. sudo cp libflashplayer.so /usr/lib/firefox/plugins

Once you’ve copied the file Flash should be functional.  You may need to restart the browser if you run into performance problems.  Also note that these same steps work for installing flash for the Epiphany browser (yes, even placing them in the firefox folder).

If you still have the flashplugin-nonfree package installed this shouldn’t immediately conflict and my guess is that once there is an update it’ll seamlessly fall into place.  I don’t forsee any conflicts, but you’re welcome to correct me if I’m wrong.

The other day I had my bandwidth upgraded.  I started out with 15/15 mbit speeds and well they handled everything I needed it to.  But the nerd/geek in me didn’t feel this way.  My awesome and amazing ISP Xmission started offering highly speeds as if 15/15 mb wasn’t enough.  As is I’m paying $50 a month.  $40 for the connection and $10 for a subnet of 16 public IP addresses.  Yeah the ip address are more because I can than anything else (I do use enough to not move back to a subnet of 8).  So, back to my bandwidth.  I’m now paying an extra $10 now $60 a month.  My new bandwidth is 50/50 mb.  For those that don’t believe I have a picture.

I realized the other day that the flashplugin-nonfree package appears to be broken.  It’ll act like its installing but at the end, if you pay close attention, it’ll give an error about the md5sum not matching and give up.  This applies to installing the package manually or via the browser notification itself.  I wanted to post a temporary fix while we wait for the package to be updated.

Manually Install Adobe Flash

1. Download the Flash for Linux archive
2. Unpack the archive (/tmp perhaps)
3. sudo cp libflashplayer.so /usr/lib/firefox/plugins

Once you’ve copied the file Flash should be functional.  You may need to restart the browser if you run into performance problems.  Also note that these same steps work for installing flash for the Epiphany browser (yes, even placing them in the firefox folder).

If you still have the flashplugin-nonfree package installed this shouldn’t immediately conflict and my guess is that once there is an update it’ll seamlessly fall into place.  I don’t forsee any conflicts, but you’re welcome to correct me if I’m wrong.

I picked up an old Sun UltraSparc 10 this last week and I set it up yesterday with Ubuntu 6.06 Server. I think I’ll have it run my irssi/bitlbee server, and I was also thinking it could be my local DNS/DHCP server.. but this is where I get into unknown territory for my network. As long as I’ve had high-speed I’ve set a hardware router in place and have not had to deal with this. As the title suggests I’m thinking outloud with this post, mainly just looking for some feedback to make sense of how to put this together. Here is my current network setup.

Current Network Setup

I have DSL which comes in the DSL Modem which is configured with PPPoE transparency (I believe) so that the current router can submit the PPPoE login information. The current router (Netgear Wireless + switch) has the PPPoE information and acts as the DHCP/DNS. This then uses an out-port from the Wireless Router back to a Netgear 8 port 10/100/1000 switch, also daisy-chained to another identical switch which all the machines in the house are connected to. (No I don’t have 16 machines in my house, but I have LAN ports in each room for mobility).

DSL -> Wireless Router (DHCP/DNS/FIREWALL) -> Switch 1 & 2 -> machines

Attempted Network Setup

What I would like to do is remove the Wireless Router as the DNS/DHCP and simply use it as an access point. I would like to use one of my servers as the DNS/DHCP server and I suppose that would end up being the firewall as well. This new setup would then be something like:

DSL -> Sparc (DHCP/DNS/FIREWALL) -> Switch 1 & 2 -> Wireless Access Point & Machines

I have done a bit of reading regarding pppoeconf on Ubuntu and I have been able to set that up on the server. The problem was then that the Sparc machine could get out but nobody else could. I understand I’ll need to activate ip_forwarding on that machine and probably put together an iptables MASQUERADE rule, but what else do I need here?

ifconfig shows the PPP connection and WAN IP. I then have eth0 and eth1 (although I’m assuming PPP is using one of those as well?) So we make eth1 the external, PPP connected device, and give eth0 a static IP such as 192.168.0.1? For this machine to allow network traffic to the internal network does it *need* a named server going or would it work if the clients had external DNS configurations (like the ISP or opendns.org?) At this point do I need DHCP server going as well? There are reasons why I would want this (initially the reason for this whole spagetti mess), but for initial connection testing is it *required*? Can the clients just configure static networking on the same subnet?

I guess I’m wondering, at the minimal level, what needs to be wired to what & what services are *required* to allow connection from all the machines? The details on configuring DHCP and DNS I can take care of, I just want to make sure everything is wired properly. Any thoughts?

I found a really quick fix today for disabling ipv6 completely on Ubuntu 7.10 (not yet tested on previous versions). This might be of interest to some of you that have had networking problems, as I’ve heard disabling ipv6 at least within the browser has been a help here. This tutorial will disable ipv6 completely on the machine. At this point activating or disabling ipv6 probably wont make much of a difference as very few people actually implement or use ipv6. Unless you know you have a reason to need (or not need) this, you can probably safely leave it where it is.

Disabling ipv6 on Ubuntu 7.10

We’ll simply need to change a line in one of the configuration files that loads the ipv6 module to the kernel. As of yet I have not figured out a way to update this change outside of restarting the machine. If anyone has any suggestions on removing ipv6 “live” I would appreciate it.

Change the line is /etc/modprobe.d/aliases from:

alias net-pf-10 ipv6

to

alias net-pf-10 off

Again, at this point you’ll need to restart your machine for the change to take place. If anyone knows of a way to avoid the reboot I would appreciate it.

I found a really quick fix today for disabling ipv6 completely on Ubuntu 7.10 (not yet tested on previous versions). This might be of interest to some of you that have had networking problems, as I’ve heard disabling ipv6 at least within the browser has been a help here. This tutorial will disable ipv6 completely on the machine. At this point activating or disabling ipv6 probably wont make much of a difference as very few people actually implement or use ipv6. Unless you know you have a reason to need (or not need) this, you can probably safely leave it where it is.

Disabling ipv6 on Ubuntu 7.10

We’ll simply need to change a line in one of the configuration files that loads the ipv6 module to the kernel. As of yet I have not figured out a way to update this change outside of restarting the machine. If anyone has any suggestions on removing ipv6 “live” I would appreciate it.

Change the line is /etc/modprobe.d/aliases from:

alias net-pf-10 ipv6

to

alias net-pf-10 off

Again, at this point you’ll need to restart your machine for the change to take place. If anyone knows of a way to avoid the reboot I would appreciate it.

I finally got all of the blogs I manage updated to WordPress 2.3.1, today. Several friends who also use WordPress had experienced some difficulties upgrading to 2.3.0, so I had held off on the updates on some of the blogs until these past 3 days. There were two of them that I had some very small problems with, but they were solved very easily. One of those was this blog, the one you are reading right now.

First, when I was updating my wife’s blog, I got all in a hurry and forgot to make a backup of the database first. Then, when I connected to the wp-admin/upgrade.php script and clicked on the Upgrade WordPress button, all hell broke lose. I had DB errors left and sideways (thankfully, not quite right, though). At that moment, I realized that, “I could really use that DB backup right about now.” Well, I didn’t have it, so I tried the export function from the admin interface and that worked. At least I had her posts (there was a brand new one, too, which wasn’t in the most recent backup file that I did have).
(more…)

Thanks go to Christer Edwards for encouraging me to deploy OpenID support on this blog.

If you have an OpenID account, you can now use it to comment and to register on this blog, without having to register on this blog. I haven’t required logins to commont on this blog since June of 2006, but still required commentors to fill in their name and email and optionally allowed them to include a URL for their own site. Now, these kinds of things can be done via your OpenID.

I didn’t activate the second WordPress plugin yet, as I haven’t registered an OpenID of my own, nor have I set up an OpenID server.

I’m thinking about standing up an OpenID server on OpenBrainstem. I’m not really sure about this yet, so I’m asking you, my readers, to weigh in on the idea. Post your views as comments to this post. Tell me why I should or shouldn’t run my own OpenID server.

I been using SpamAssassin for a while to help identify SPAM. About a week ago, I started seeing all messages that were being flagged as SPAM by SpamAssassin show up in my Inbox instead of in my SPAM folder.

Well, it irritated me enough a moment ago to actually take a look at the full headers of just such a message. Here are the headers added by SpamAssassin:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
       dark-templar.lamontpeterson.net
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.0 required=4.0 tests=BAYES_80,DRUGS_ERECTILE,
       DRUGS_ERECTILE_OBFU,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,URIBL_AB_SURBL,
       URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL,VIA_GAP_GRA autolearn=no version=3.1.8
X-Spam-Report:
       *  2.5 VIA_GAP_GRA BODY: Attempts to disguise the word 'viagra'
       *  2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
       *      [score: 0.8180]
       *  0.0 HTML_MESSAGE BODY: HTML included in message
       *  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
       *      [Blocked - see <http ://www.spamcop.net/bl.shtml?201.83.176.249>]
       *  1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
       *      [URIs: tersho.com]
       *  3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
       *      [URIs: tersho.com]
       *  4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
       *      [URIs: tersho.com]
       *  4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
       *      [URIs: tersho.com]
       *  2.4 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
       *  0.5 DRUGS_ERECTILE Refers to an erectile drug

(Now that’s one spammy piece of SPAM!)

OK, so I took a look at my ~/.mailfilter file on the server:

### SPAM
if ( /^X-Spam-Flag: *(yes|YES) / )
{
   to "$HOME/mail/.SPAM/"
}

Many of my readers may be eagle-eyed enough to spot the problem right away. If you said, “Hey, you’ve got a superfluous space after your closing parenthesis in your regular expression there,” then you got it.

That regex would match either “yes” or “YES” (they are case sensitive). I did this because at some point long ago, I had a rule on a system that used “yes”, but SpamAssassin today produces “YES” and I just didn’t want to have it missing stuff because of something like that.

I decided to further improve this regex so that it might be less likely I’ll have to “fix” it again:

### SPAM
if ( /^X-Spam-Flag: *[yY][eE][sS]/ )
{
   to "$HOME/mail/.SPAM/"
}

Problem solved.

BTW: the term SPAM originally came to be used in the computer world because of the Monty Python Spam sketch.

There were a few minor difficulties updating this blog to WordPress 2.1 Ella (reffering to Ella Fitzgerald). Over the past couple of weeks, I’ve slowly worked on fixing things. It looks like everything is the way it should be now.

There were some databases changes that weren’t handled very cleanly by the update script. I had to drop and recreate the DB from my backup (taken just before starting the upgrade process).

One of things that changed was the way that links are managed. The wp_linkcategories table was “replaced” with a new wp_link2cat table. Unfortunately, the upgrade script didn’t complete the conversion process.

Most of the work required to fix up my links was done within the management interface in my web browser. Not hard, but it took a few moments. One of the categories didn’t make it through the upgrade. Several others (but not all of them) from the categories list now show up, too. Upon further examination I discovered that the only categories that appeared were those which were not assigned to any posts, though, it appears in the UI that they intend all categories to be simultaneously usable for posts, pages & links. However, when I tried to assign a category which is in use for several posts to a link, that link no longer rendered.

The change from a separate set of categories for links to a unified categories system was certainly the right direction. It merely appears that testing of that part of the upgrade code wasn’t very thourough.

Writing this post, I discovered what appears to be a new auto-save feature. Every couple of minutes while the focus is in the post body input field, the auto-save kicks in and a text marker next to the save/publish buttons updates to say “Saved at h:mm:ss” (the time on this notebook). Nice!

A few days ago, Peter Abilla published a post about TrackMeNot.

I had read about TrackMeNot a little more than a week before on Bruce Schneier’s blog, and so I already knew TrackMeNot was a flawed idea. Peter also makes some very good points in his post, but, unfortunately, it falls short of pointing out some of the more serious problems with TrackMeNot.

I’ll just summarize the problems here. For further explanation, read Bruce’s post:

1. It does not hide your searches (they are still identifiable with you).
2. It’s far too easy to spot (and therefore, far too easy for AOL and others to defeat) and it’s schedule is regular & fixed.
3. Some of the generated searches are worse than what you would try to hide.
4. It wastes lots of bandwidth, while returning absolutely no privacy or security benefit.

I like this quote from Bruce’s post:

Yes, data mining is a signal-to-noise problem. But artificial noise like this isn’t going to help much.

While we’re on the subject of browser safety, please, everyone follow this advice: turn off SSL v2 support in every web browser you use. The default configurations of almost all web browsers still leave SSL2 support on for backwards compatibility. There is no such thing as a legitimate encrypted website that uses SSL2, which is completely insecure. Since there is a small flaw in SSL3 that can let an attacker trick any program using SSL3 into “falling back” to SSL2, if you don’t take my advice, you could be using SSL2 and not even know it.

I also disable all SSL3/TLS encryption suites that provide less than 128 bits of key and all 3DES (a.k.a. triple-DES, DES EDE mode or TDES) sets. This is not just because 3DES is insecure, but also because 3DES is so slow. It consumes significantly more processing time and doesn’t really provide much better security than standard CBC mode DES. It’s just not worth the overhead. In addition, there are several vulnerabilities in both 3-key & 2-key 3DES that significantly reduce the complexity to brute-force them. 3DES is not considered a safe protocol.

In their paper titled, “Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES“, John Kelsey, Bruce Schneier and David Wagner describe one weakness found in 3-key 3DES that isn’t present in 2-key 3DES (among other interesting things).

From what I’ve read in the past about browser 3DES support, although nearly all browsers say they use 168 bit 3DES keys (3-key 3DES), many actually use(d) 2-key 3DES (112 bit). I’m not sure how true or false this is in modern browsers, I’ll have to do further research to find out.

You might have heard of the new Browzar web browser. Their website claims: “With Browzar you can search and surf the web without leaving any visible trace on the computer you are using.”

Well, it’s just not true.

It’s only a thin wrapper around Microsoft’s Internet Explorer version 5.5 (or later). Since IE stores all sorts of stuff in places on your system without telling you, Browzar can’t deal with all of it. Scott Hanselman has actually shown that Browzar misses the mark on this point.

There are other problems with this, too. For example, this program will not affect any servers that you visit, or any caching proxy servers in between (like at work or a university).

Anonymity on the web is not just about the stuff that’s on your computer, though it’s an important part; it’s also about the things those servers you connect to keep track of and tell each other.

Web browsers such as KDE’s Konqueror, Mozilla’s Firefox, Apple’s Safari (built on/from Konqueror, BTW) and others already support local privacy features. These include Konqueror’s excellent cookie management capabilities and Firefox’s support for auto deletion of cached data. All of these browsers sport these privacy enhancing features, though they have differing approaches and levels of control.

Today, I decided to take a look at a couple of the links that blog spammers have been trying to put up in my blogs’ comments. Most of it actually led to “anti-spam” websites that are actually spam list phishers. This is, of course, very clever of the spammers.

First, they put spam up that includes links to their phishing sites on blogs they troll the net for. This part is very easy, thanks to services like Technorati and Blogger.

Next, “young” bloggers (i.e., those who are still fairly new to the “sport” of blogging), see comments. Either they naively authorize the spam comment, don’t moderate at all or decide to follow the links and check it out before authorizing the comment. If the comment gets posted to the blog, then others who read the blog can fall into the trap. If the blogger decides to visit the pages, they could get sucked in to all kinds of things.

But as I looked at a few of the links, they turned out to cause redirects to either www.abusepost.com or www.spamcop.net (I didn’t make those into links on purpose; DISCLAIMER: GO TO THOSE SITES AT YOUR OWN RISK, I’M NOT RESPONSIBLE FOR YOUR CHOICES). Of course, the vast majority of bloggers, both experienced and just getting started might think that those sites are providing a pretty good service. Looking a little more closely at the form and at the HTML itself reveals that these sites look suspicious. They require your name, email address and website address (which will be the blog that they hooked you at in the first place, for most people).

Were you paying close attention? They require you to provide the exact information spammers want in order to “report” a site that they are already “about to shut down”? Doesn’t make much sense to me.

Do you smell phish or am I the only one?

A word to the wise: Just Say No.

Here are some simple rules for Internet safety, though, they apply (with proper contextual edits) to any online communication:

1. Moderate — Whether it’s comments on your blog(s), forums (which I hate, BTW) or mailing lists. Moderation is currently the most consistently effective way to defeat all forms of SPAM.
2. Never give out your information if you don’t have to — Just because a particular website’s “form” says that it requires your information, doesn’t mean they should be given any. We all know not to publish our credit card numbers online, but it’s amazing how many people don’t understand that your name, email address, street address, phone numbers, websites, employer’s name, favorite color, mother’s maiden name, etc. are not needed by most websites. When in doubt, don’t give it out.
3. The only stupid questions are the ones you do not ask — In other words, ask someone you know who has lots of experience with the Internet, email, spam, security, etc., any questions about specific websites or other items in general. Keeping yourself safe is hard enough to do, but keep trying to do it without the right information and you just might make things much worse.
4. Don’t open HTML emails — If someone sends me an HTML email (and I think it’s worth this effort), I send it back to them with a simple, polite note explaining that for security reasons, I do not accept nor read emails that are not in plain text. Too many people are using stupid email programs like Microsoft Outlook and Outlook Express that have hundreds of severe security flaws when it comes to processing HTML email, alone.
5. Don’t Panic — It can be easy to let fear take over at this point and abandon your dreams of blogging and the “Internet lifestyle”. Don’t worry, it’s not that hard to keep yourself safe. Once you know how to recognize the dangers, it’s easy to avoid them.
6. Think — (OK, this one could sound kinda mean, but it’s not; it’s just a sad truth, so don’t take it too personally) The spammers and the Phishers keep doing what they do because it works. There are just too many people on the Internet who do not think for themselves. You have a brain and I’m sure it functions at least well enough to read this far. I’m sure you have a lot more capacity to figure things out than you might be giving yourself credit for. Being able to think is not enough on it’s own, but with a little bit of knowledge, your brain can be used to help keep yourself, and your loved ones, safe on the Internet.
7. If in doubt, bail out — You don’t have to go any further than you already have when visiting any website or continuing a discussion on IM in a chat room or on a mailing list. You can pull the rip-cord at any time.

I’m sure there are other things that we could put in that list. Perhaps some commenters will try to help me out in that regard. But I think these basics should be enough to get you started.

This is one of my favorite Turkish proverbs:

No matter how far you have gone down the wrong road, turn back.

Four days ago, a new release of WordPress, the blogging software that runs OpenBrainstem blogs was made available. It’s now up to version 2.0.4, which all OpenBrainstem blogs are now using.

There were several security fixes and over 50 bug fixes, according to the announcement on the WordPress website. However, I’ve also noticed a couple of irritating regressions. For example, when managing pending comments, it’s always been possible to click on the text next to the radio buttons at the bottom of each comment you are moderating. This makes it easy to select the action you wish to take for each comment, as you have a larger target for your mouse pointer. Unfortunately, this broke with 2.0.4 and clicking the text no longer selects the bullet.

There were a couple of other patches I had to reapply to the code. For example, if you look at the calendars at my blog, you’ll see that dates with a post are displayed very nicely. This is thanks to a small change I made to the template-functions-general.php file. You can download the patch file and apply it to your own WordPress installation, if you like. Then, I added the posted-day class to the style.css file for the theme that I am using.

There are also a few other tweaks I have made to that theme, and I’m planning a couple more. One thing is that when you view a dated page, the sidebars don’t get their background colors set. A minor bug, but I’ll fix it sometime.

Anyway, there were some other code patches I had to reapply, but it only took about 10 minutes to do. I’m going to get some of these patches packaged up and submitted for inclusion in future versions of WordPress.

Richard K. Miller wrote about the new .mobi top level domain (a.k.a. TLD). Here’s a quote from the post:

Here are my 9 reasons why .mobi is a bad idea:

1. You can already serve mobile content from any subdomain or folder, like mobi.example.com or example.com/mobi
2. You can already use content negotiation. If the browser says “Accept: text/vnd.wap.wml”, then return mobile content.
3. You can already use the “handheld” media type in your CSS.
4. You can already create light-weight, semantic HTML that can be viewed on multiple devices.
5. Since “mobi” isn’t a word, it’s not likely to be in the predictive text dictionary on most phones. A good domain for phones would employ a real word. (Actually .com works.)
6. Without predictive text, typing “mobi” on a phone means pressing 6, then waiting, then 6-2-4. A good domain for phones would not use two adjacent letters on the same key.
7. Phones with QWERTY keyboards are likely to have full-fledged browsers that can view .com websites anyway.
8. Dot-mobi domains are expensive.
9. Browsers like Opera can rerender existing web sites to make them viewable on movable devices.

If you see value in .mobi that I’m not seeing, let me know, but I think it will be a failure. We should as soon introduce a .BestViewedWithInternetExplorerAt800by600 domain so we can keep track of all those web pages from the 90’s.

Number 8 on Richard’s list is the reason why .mobi is a good idea … from the perspective of the registrars who are the ones who pushed for the new TLD.

But why not just .mobil ? I mean, come one, it would be so much easier for people to pronounce, even in a wide variety of languages.

Anyway, I think the addition of .mobi is just dumb. Basically for all the other reasons you already stated. Especially number 6; how irritating.

Reading this newly issued patent, it sure seems like they are talking about a firewall to me.

I first read about this on Bruce Schneier’s blog.

Try visiting Hilton Hotels‘ website with any browser other than IE, Netscape 7 or Firefox 1.0. Argh! It dumps you on a “Web Standards” page and you can’t leave it unless you use one of the “approved” browsers.

I haven’t tried it with any handheld browsers, so if you do, please, post a comment about the results.

Anyway, sites like that are yet another reason why I love Konqueror. It took just 10 seconds to tell Konqueror to pretend to be Firefox 1.0 (on Linux, of course) whenever it connects to “hilton.com”. Presto! No trouble at all. In fact, the whole site renders perfectly.

Well, it finally happened: This morning, I had a couple of SPAM comments on my blog for the first time.

I love WordPress; it’s just so easy to deal with the SPAM. Still, it will be nice when open-source people finally create software that fully neuters all SPAM.

Tonight, my wife Charlotte and I went to the Utah Bloggers Conference. I recognized a few faces of people that I had not met before, since they have their faces on the Utah Open Source Planet.

As for those of you who don’t have your photos up there, yet: some of us (like Jayce^ and herlo and I) would have come over and taken your photo for you so you could get it up there, but we didn’t know what you looked like, so we couldn’t find you.

Next time we can’t find you like that, we’ll have to refer back to your photo…wait, um…

So, get your hackergnotchi in to Gabe (at gabe at gundy dot org).

In case you haven’t heard, Google recently made available a beta for the next version of Google Earth. The big buzz is because there is now a native Linux version.

I’ve seen people talking about the Linux version of Google Earth on the SLLUG Members mailing list. I found an entry on the Fedora SELinux mailing list titled, “Step-by-Step Guide To Creating SELinux Policy for Google Earth“. I’ve seen several other people talking about it already.

But, I was surprised to see that no one whose feed is picked up by the Utah Open Source Planet had yet posted on any of their blogs. So, here it is.

I heard about the new Linux version of Google Earth from my good friend, Evan McNabb via Jabber, yesterday. I downloaded the new Linux version and waited until later in the evening to try it out. Video was a bit scan like on my notebook, but I soon cleared it up.

I’d like to see people comment on their experiences with it, so far. I’ll write more about the things I hear later on.

Well, as many of you have noticed, my blog started causing those who were viewing the Utah Open Source Planet to get an SSL Certificate Authorization dialog, again.

For the time being, I have turned off the convert smileies to graphics option.

It turned out, that I had to also pull up the offending post(s) and resave them to get that setting to take effect in the db, which is strange, since it was dynamic for the site last time I fixed the bug. Oh, well.

As many of you who use WordPress know, it wasn’t until the 2.0 release that WordPress supported having your admin interface portion of the site encrypted. The way that they implemented this feature in WordPress 2.0 was to have two different URLs that you can configure, the blog URL (where visitors see your blog) and the site URL (where your admin interface lives).

The two URL idea was the right way to do it. I benefit from it, as the admin interface is on a different hostname from the blog. Unfortunately, the WordPress developers made a couple of small mistakes in implementing the use of the two URLs and that’s where the bug that has affected UOSP readers comes from.

But, I know how to fix these bugs.

(more…)

Gabe Gunderson wrote this post in response to my previouse entry, OpenBrainstem Mailman Configuration Fixed.

His first sentance was:

I post this on my blog cause Peregrine doesn’t take comments unless I’m “logged on” and I had it all typed up.

Sorry for the inconvenience, Gabe. You’ll be happy to know that I have now “fixed” this. The “Users must be registered and logged in to comment” option in WordPress was checked.

I was going to add a trackback to Gabe’s article, but I couldn’t find any trackback URLs on his WordPress blog. Oh, well.

I figured out how to get mailman working with my Postfix/maildrop/Dovecot setup.
(more…)

If you think you already know what I’m going to say, please, don’t stop reading here; I may surprise you.

Most of those who will read this already know the dangers of trusting the kinds of email messages like the one I just recently received with the subject line “Your account might be compromised!”, which prompted this post. However, many who read this blog are not of the “technically savvy” or “computer expert” types, so I thought these comments might be useful.

Rule Number 1: NEVER take any email message from a company that deals with money (like banks and credit unions) at face value. That simple rule will protect you from most Phishing attacks.

The Phishing scams use all sorts of tricks to make their emails look legit. This latest one even employed the technique of having someone who actually speaks English write the text. In the past, one very big indicator that an email might not be from the company it claims to be, was the bad translation from some other language to English before it was sent out.

Another common tactic is to send HTML email. This allows the Phishers to create links like [ http://en.wikipedia.org/wiki/Phishing ]. The link looks like it points to the correct website for your bank (for example), but actually goes somewhere else. Unfortunately, these can be hard to expose if you use Internet Explorer, Outlook, Outlook Express or some common web based email systems (like Hotmail & Yahoo!).

If you visit such fake links and you use Internet Explorer, there are several techniques the fake website can use to make it look like it is the real website. For example, there are dozens of still not patched bugs in IE that let a web page dictate exactly what you see in the address bar. So, while you are actually at “http://192.0.2.5/www.chase.com/login.jsp”, IE’s Address bar could show, “https://www.chase.com/login.jsp”, thus making it look more legitimate. Of course, you got there by clicking the link they gave you in that HTML email.

Rule Number 2: Don’t trust HTML emails. Too much stuff can be hidden.

HTML email has many other problems as well, like being able to pull in code or images that actually tell the sender that their email has been read while completely hiding this fact from you. That let’s the spammers know that you’ll read their SPAM.

I could go on and on about this, but I won’t. Instead, I’ll just leave you with a few, simple thoughts:

1. There is no Nigerian Oil Money waiting for you to transfer into your account (money laundering schemes)
2. That’s not Viagra they’re putting in those bottles (generic drugs fraud).
3. You do not need to buy OEM software. (pirated copies).
4. eBay & PayPal (or, for that matter, any bank or credit union) never need you to “verify” or “validate” your account (Phishing).

And, last but most certainly not least:

5. The world will not fall down around you if you don’t immediately forward that chain mail (viruses).

In dealing with nVidia and ATI drivers for Linux (both a kernel and X driver are needed), I’ve been using the Livna YUM repositories for Fedora to easily install them as RPMs using YUM.

I’ve run into trouble here and there as the Livna folks keep pulling RPMs from their repos for older versions of the kernels. At the very least, they should leave the kmod-* packages in there for the original kernels that shipped with each release. Then, people can install a release and get a good driver. I had to wait for about 3 weeks after I first put F7 on my home workstation (dual AMD Opteron) before I could get the nVidia driver from Livna because they didn’t have one for the older kernel packages and the newer kernels weren’t booting (turned out to be malformed initrd files, which I later fixed).

Yes, I understand that they take up some disk space, but it’s not really that much perhaps 100M per release to keep all kmod-* packages and their dependencies around.

Livna, if you’re listening, please, give us all the driver packages and don’t remove them. You don’t know which kernels are working for people and which aren’t, so you could really be making things pretty difficult for people.

On the last day of the Utah Open Source Conference 2007 (UTOSC), there was a PGP/GPG key signing party, hosted by Scott Paul Robertson. It was good to be able to get set up to properly sign so many keys, but it did give me a little problem; I needed to sign everyones’ keys with each of my 4 active keys. That would have been over 100 times running the gpg command. Sounds like something begging to be scripted, so I did.

I’m posting the script, which is still very rough, as I didn’t both taking any time when I whipped it up last night to take care of everything that it really should be doing. Still, I’ll work on it here and there, I’m sure. You can download it from http://www.openbrainstem.net/download/sign-lots-o-keys. If you feel like makeing some fixes, either post your patches (please, create them as a unified diff file, if you wouldn’t mind) and put a link in the comments here and/or on your own blog.

Enjoy!

After reading Dave Winer’s comments on blogging, in particular the parts where he discusses comments and their negative effects on a blog, I’ve decided to disable commenting in this blog. TrackBacks are still there.

Let’s see how this goes. If you would like to comment, you can’t post it on my site. Use your own blog and use a TrackBack to this article. Let me know what you think.

Personally, I’ve always preferred the idea of TrackBacks over comments. I just wasn’t quite sure how to explain (nor did I ever take the time to really think about) why I felt that way. So, thank you to Dave Winer for helping me quantify it.

Although I have configured this blog to not have the “Allow comments” option selected by default, existing posts which did have that option on should still permit comments. I will fix this by editing the DB directly. Hopefully, existing comments will still be visible once I do so.

Well, I’ve been running with WrodPress 2.2.1 for a while now. This was another update that screwed up the blogroll (I patched this in my code for 2.1 and 2.2).

But a new problem has surfaced with 2.2.1 in the admin interface; when loading the Dashboard or the Write or other pages which include wp-includes/js/jquery/interface.js, it freezes up my web browsers. I’ve tried it with Firefox, Opera, Konqueror & Safari, some on both Linux and Windows. The browser eventually lets me kill it (but I have to stop it 2 or 3 times) and then the page will finally load. In browsers where I have debuggers for JavaScript, I find this error:

Error: https://www.openbrainstem.net/blog/peregrine/wp-includes/js/jquery/interface.js?ver=1.2: Error: Error

It’s pretty frustrating trying to use my blog when the admin interface has some buggy JavaScript. I’m going to try to debug it, though JavaScript isn’t my favorite language. I’ll keep you posted if I find a fix.