I recently had the distasteful experience of having to tell a long-time client to find someone else to handle his IT consulting. We had (I thought) become friends over the years, though recently, tensions surrounding some server trouble over here (I hosted his email) led to difficulties in our relationship.
NettiCat has graciously granted me permission to modify (slightly) his BetterPrivacy extension to allow for installation and use under SeaMonkey. The current version (1.68.m, as of the date of this post) should install under SeaMonkey 2.0a1 and above.
For those not familiar with this extension, it goes beyond the built-in sanitizing functionality of Firefox and SeaMonkey to include clearing the Flash cookies, which may be stored for an otherwise indefinite period of time. For more on the actual feature set of BetterPrivacy, I would suggest reading the information available on the official home.
First, my heartfelt condolences to everyone who was impacted personally or financially by yesterday's DDoS attack against GoDaddy. That includes customers and employees, and as an admin, I know firsthand what it's like when the systems grind to a halt under one of these things, when all that's left is simply to put something else on the front line to check for traffic and wait it out (or request new address blocks all the way around). This, of course, does not take place in a vacuum: when these things hit, we are always surrounded by The Suits who have no clue as to why we can't do anything more (or faster), constantly complaining of our inadequacies (we should have known better; we should have predicted; we should have been better prepared; etc.).
As a consultant, I look at computers and operating systems from a "best tool for the job" perspective. Some systems are better suited to some things than others. I wouldn't expect to play modern computer games, written for Win32 or Win64 on Linux or OS/2, no matter how far advanced Wine or Odin was/were. Likewise, I wouldn't consider running a web server on the Win32 or Win64 platform vs Linux or OS/2.
Along with other suitability considerations, I factor in my own (or the client's own) comfort level with a particular environment. The Mac object-oriented desktop is quite nice, though it's not my environment of choice. On Linux, I prefer KDE to Gnome, but neither of those nor the Mac desktop nor Windows Explorer approaches the level of comfort, familiarity, or ease-of-use which I experience using the Workplace Shell, which is - for me, at least - the main reason I stick with eCS.
Stability concerns? These affect all platforms at one time or another. Unless the problems are inherent to the overall system design (Windows' weak security model and the dangers of the single registry paradigm), such things need to be considered in the course of business. That is to say, they happen. Cars break down, too, but I'm not quite ready to go back to a horse and cart (and carts break - ever change a wagon wheel?).
Ah, into the land of (broken) Windows we go...
I despise Windows. Have I said that before? Here, in case I haven't, I'll say it again. I despise Windows. That feels better. It's good to get such things off one's chest. What a hopelessly broken operating paradigm. Oh, well. It's gotten better, I guess. That is to say, it used to be even worse.
I've been spending much time of late working between zypper and yum on various flavors of Linux and now, eComStation, which has its own port of yum. Of the two, I prefer zypper, though either is head and shoulders beyond the inane Windows patching system. However, when in Rome...
There is a lot of malicious junk floating about the net. I know; that's not a real surprise. Under normal circumstances, a good (standalone) firewall will keep one reasonably safe from the worst of it. However, for those of us who travel, it's a constant challenge to keep up with personal firewall tweaking and such, and still, unless one is really running the kinds of stuff typically found in a UTM (Unified Threat Management) solution, tweaking some firewall rules just isn't going to cut it.
So, what can one do while traveling? Trust the hotel firewall? I think not. Here are three quick tips to help keep your system clean from would-be spoofers and such:
A quick edit of your hosts file to loop back known bad sites to localhost (127.0.0.1) is a good start. To get started, have a look at the list compiled here. This will make some web pages look rather ugly, as the browser brings up the dreaded "cannot access..." in various iFrames and such, but it will speed browsing and keep that excess junk from cluttering the screen.
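One way to apply the hosts-file tip repeatably, as an added example (not code from this blog or from any list maintainer): it validates a downloaded list, maps each name to 127.0.0.1, and keeps the entries in a marked block so a re-run replaces them instead of duplicating them. The marker text, function names and sample data are hypothetical and constructed for illustration.

```python
import ipaddress
import re

BEGIN, END = "# BEGIN blocklist (managed)", "# END blocklist (managed)"
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
# Constructed sample input; example.com/example.net are reserved names.
SAMPLE_LIST = """\
# demo list, not a real blocklist
0.0.0.0 ads.example.com tracker.example.net
127.0.0.1 localhost
Ads.Example.com
bad_host!.example
203.0.113.7
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def valid_hostname(name):
    """True for a syntactically valid, multi-label DNS name."""
    return len(name) <= 253 and "." in name and all(LABEL.match(p) for p in name.split("."))

def parse_blocklist(text):
    """Collect hostnames from hosts-format or one-name-per-line input."""
    hosts = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # A leading address is dropped; never trust the list's own target IP.
        for name in (fields[1:] if fields and is_ip(fields[0]) else fields):
            name = name.lower().rstrip(".")
            if name not in PROTECTED and valid_hostname(name):
                hosts.add(name)
    return hosts

def merge_hosts(existing, blocklist_text):
    """Return hosts-file text with the managed block replaced (idempotent)."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() in (BEGIN, END):
            inside = line.strip() == BEGIN
        elif not inside:
            kept.append(line)
    block = [BEGIN] + ["127.0.0.1 " + h for h in sorted(parse_blocklist(blocklist_text))] + [END]
    return "\n".join(kept).rstrip() + "\n\n" + "\n".join(block) + "\n"
```

Review the returned text before writing it back to the hosts file; entries outside the markers are left untouched.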
Squid proxy settings
Squid is great. You can do a lot of things with Squid, such as block entire IP ranges from getting in (or going out to them), which improves performance considerably. I'll post more on Squid configuration in a later article. For now, suffice it to say that Squid can be used as a pseudo-firewall (you just have to not defeat it by turning it off, but this is true of software firewalls, as well).
Another type of proxy is a privacy screen. Enter Privoxy to the scene. One of the annoying characteristics of most web surfing from modern browsers (and ancient ones) is that we tend to leave behind more than we take with us. To truly surf anonymously requires some type of anonymizer, and Privoxy is a good choice (this way, your travels don't follow you home, when you finally do get behind your warm and cozy hardware firewall). A couple interesting guides for chaining Squid to Privoxy (or vice-versa) may be found here and here. Again, I'll post more on this in a subsequent piece, but for now, suffice it to say that this is an excellent addition to your arsenal.
These are but three fairly quick and simple (well, they can be less complicated than others, at least) ways to browse more safely, and are of particular usefulness when away from home (or the office), where the bastion server is unknown and likely not to be trusted. In time, I'll flesh out more details and tips for configuring each of these solutions.
As I sit here at Panera Bread, catching up on some tech news, an article caught my eye concerning Mozilla's new approach to updates and, tangentially, the (revised) 2011 Firefox release schedule. This started my own wheels turning, as this has been a bit of an annoyance for me, so I thought I'd just jot down a few ideas...
Concerning Firefox's 2011 release schedule:
We (I say "we" because I do/have contribute(d) from time to time) have some bugs in Bugzilla which date back several years (some to the Netscape Communicator days, inherited by the Mozilla project - no kidding!). These have yet to be quashed, and all the while new "releases" just keep coming down the pike, bringing with them their own share of new insectoids. Wouldn't it make more sense to stay at a reasonable "release" level, and just fix it before adding new features (and after all, isn't the purpose of a new "release" to introduce new features)? We already have a mechanism in place for extending the functionality of the browser through plugins and extensions, anyway, so what's the point? (If Mozilla wants to emulate Redmond, then they should consider that under the hood, Windows 7 is NT 6.1, anyway, and Microsoft got a head start with NT growing out of OS/2 - NT started at version 3.)
Many of you know that I am the Chief Network Architect for Hautspot, LLC, a little Wi-Fi company which, among other things, is a CLEAR Local Master Platinum Distributor in the Washington, DC metro market. Hautspot's main focus prior to entering into the distributorship agreement with Clearwire was (and still is) managed Wi-Fi networks built on technology from Sputnik, Inc.
I stumbled upon this article on The Register this evening, describing an engineer at his local coffee shop (the establishment shall remain unnamed on my blog, because I truly despise their idea of java - and I'm a real coffee drinker) using Firesheep - a Firefox extension which allows one to pick off other users' authentication cookies over open networks - and easily hacking other people's social networking accounts (no surprise there, huh?), among other things.
Fortunately, most of our hotspots employ SSID Client Isolation, a technology which prevents neighboring users from snooping on other patrons' connections. No client-side configuration is necessary. No crackable VPN passphrases (Steve Gibson, for whom I have the utmost respect, is dead wrong with his suggestion of simply enabling WPA encryption on public WLANs and using a commonly used term, such as the venue name or even "free," as these can be so easily cracked and the system made vulnerable to MITM attack). It simply makes it impossible to route traffic from, say, 192.168.1.55 to 192.168.1.56 on the same LAN; the router won't pass the packets. Period.
Venue owners: for a few $$ per day, you could be enjoying secure, advertising-supported (i.e., you sell ad space on your very own portal page, thus offsetting the cost of the managed service) hotspots, with your own branding for all to see. Authentication is handled on our server. All that's needed on your end is a router/AP, which we provide, and a broadband connection (and if you don't happen to have one of those, we can usually fix that for you, too). Contact us for more info and a FREE site survey.
And in the good news department, The Register is citing an All Things Digital article from 3 November, 2010 which mentions the overall decline of MySpace revenues and the possibility of NewsCorp shutting down the beast...er...monster...er...spy haven...er...social networking site.
If someone gives me his private office phone number, he doesn't expect me to write it in the office Christmas card.
If someone gives me his cell number, he doesn't expect that I'll scribble it on a bathroom wall at a highway rest stop.
So, if I give someone my email address, why is it that so many recipients treat it like it's public information?
When I get someone's email address, I treat it the same way I would that person's home phone number, private office line, or cell phone. I don't give it out unless I get permission from the owner of the information. Again, this evening, I received a "joke" from a client, with my email address blazoned across the To: header, along with...let me count them...a dozen others (people I don't know).
Beyond the rudeness of sharing my address with strangers, I'm willing to bet that at least half of them are running Windows systems, with easily harvested address books and out-of-date antivirus/antispyware, so that my address is now even more likely to be snatched by some 'bot and used for nefarious purposes.
A couple weeks ago, I got a message from a large company who shall remain nameless, with my address as a cc along with 374 - I'm not kidding - that's three hundred seventy-four other addresses cc'd in the headers. On my Palm Pre, I had to scroll and scroll and scroll just to get through them all. Huh????
Next time, maybe I'll just give out my Social Security number, debit card PIN, and plaster a picture of my kids, their names, and ages on some social networking site...