Friday, December 28, 2007

Securing communication protocol traffic (SSH tunneling).

A useful option for secure communication between client/server is to tunnel the communication inside the Secure Shell protocol (SSH).

It can be used to tunnel POP3 and SMTP traffic using ssh.
-Sure u must have both ssh client and ssh server installed on the two ends.
-Create a local ssh tunnel on local machine (ex.port 5110) to the POP3 server's port 110 or SMTP 25
# ssh -f -N -L 5110:localhost:110 user@POP3_server

Or even simply binding to a privileged port (110, the POP port)

# ssh -L 110:mailhost:110 -l user -N mailhost

Same, you can also forward SMTP for outgoing mail (port 25), single ssh line can have multiple -L entries, like this:

# ssh -L 110:mailhost:110 -L 25:mailhost:25 -l user -N mailhost

-U can still check for port forwarded :
Telnet localhost (forwarded port)/
You should see the POP3 server's banner information.

-Finally you have to configure your mail client to access your mail via POP3 using mail server localhost and desired forwarded port.

Thursday, December 27, 2007

Home network map modification ( somehow mobility)

I modified my home network somehow to give myself a way to have mobility around ;).

- Firing dhclient on Nixbox ==> IP obtainable automagically
- /etc/network/interfaces modifications
- Downing default gw
- Winbox --(Wlan/Wlan Ad-Hoc)--> NixBox ----> Router
- Firing ipmasq without firewall-configs (dpkg-reconfigure ipmasq)
- Winbox <--(Wlan(192.168.0.1)/Dns <> IPmasq)--> NixBox (Nix Connection masq)
- Noticed.., neither Bind(named) nor DNSmasq is needed, by default named installed.
- Apache/httpd port 80 --NAPT--> 192.168.0.1 <--(inside).

A long time i wondered to furnish this modification, finally ...

Friday, December 21, 2007

"_Someone i have lost long time ago_" Comment.

If you have lost someone close to you, how do you deal with the toughest moments
that hit you and don't always give you warning?

Sadness and suffering make people wiser -
Sadness and suffering will follow us as long as we live -
If you can no longer feel these emotions, it's a sign that you have
stopped growing as a person.
Sadness and suffering enable us to be strong enough to be kind to others.

When a loved one is gone, you'd look for his or her image in everything that you see,
and everything that's within you seek an exact image of how you'd like to see your loved one again, pay an attention when you love again to the one you are loving, as not being your loved one substitute.
Take a good look around you: paying too much attention to what you have lost, lets you neglect what you have/in now.
Look into the bottom of your soul and find what you really need.

Think of loving, and not of being loved.
If there is someone who is in more pain and sorrow than you are,
Give him or her your loving hand and warm support...
feel to be felt...
You have the ability to comfort others to become comforted

Thursday, December 20, 2007

A Long time away:

But there's something happening in me

Simple rules of cooperation with what's nearby lead to unexpected, even startling complexities that you could not have predicted from the rules (emergent phenomena). This is a neat parallel to the way that startling and unexpected phenomena like open-feeling emerge in me.

Tuesday, September 11, 2007

Today's mood

Always _he_ insists and will insist on __it__ , "He's rude, impoliteness and indecency "

-I'm thinking ..., i have an educated mind to be able to entertain __this thought__ or this insistence without accepting it.

-To conclude, strike or to reach an agreement concerning duties, isn't off-topic;
It's even a better way.

-Silly to put all that effort into something that's just going to die, but factual.

-Cases with similarities, but which one that really deserves ????

-For who knows what is good for mortals while they live the few days of their vain life?

Thursday, September 06, 2007

"Discordianism" believes or apophenia phobia ...?

-Is it a challenge of chance to correlate incidents to
"Law of Fives", "The Law of 23s" and "The 23 Enigma" ?


Why 23 is an enigma ?

- Cosmic number ?

- Applying the experience of seeing patterns or connections in random or meaningless data ?

- A suspense was in the Bible reads: "and be sure your sin will find you out", Numbers 32:23

- Also this number has some unique features : 2/3 = 0.666 & 2*3=6

- I don't care about Discordians and there believes maybe it's somehow interesting.

Anyhow :) i see it interesting for myself to use apophenia discovering the theory: Complete mathematical disorder in any physical system is an impossibility.

Wednesday, September 05, 2007

Common experience along the nights

-Long nights with a compelling sense of familiarity, and also a sense of "eeriness", "strangeness", or "weirdness".

-Following the same path,

-Be far from the conscious mind.

-Déjà vu, Déjà senti et Déjà visité.

Friday, August 31, 2007

Thursday, August 30, 2007

Google Interview

-I never applied. Google contacted me, and asked me to interview. I agreed, only after explaining that I was very happy where I was and that I was very unlikely to move.

-Basically, Google does not care about your current skills, what you have done or even who you are. They have some sort of a glass shoe and try to see if your foot fit into it.

-Still i have to set the second interview.

Metal Accord 6

M ((( R )))

You can't kill me, because I'm inside you
Going down ...

Monday, August 06, 2007

Strange Dream

I t was yesterday .

A strange dream , I'll post it in few points , but firstly i want to mention that it's a symbolism.

-Drunk friend by my wine bottle , faced a battery.
-A young girl fights to see a police major.
-Underground road event full of strange shape of drunk ppl and me inside it with noway out.

Comments .... ?

Wednesday, August 01, 2007

Vista Vs Linux

Something that always will never end :

Comparing Vista <> Linux ,

Some points and factors that i would like to log it , maybe it's a type of reference for 1D10T Microsoftians


Guy quotes => /*... */
me => Bold

/*

OK, let me ask you a simple question about Linux shell:

Can you explore object models in linux shell? (i.e. SQL Server, Oracle, etc)? So you can go to any object and type dir and you'll get all the relations, functions, properties, variables, etc?

*/

-Oracle doesn't use .net in linux so that's silly question

-There already is a object-based shell try to google "object+shell" Linux.
Personally, I'd map those things onto fs-level objects, fs-named.

/*

And about viruses, please don't ever mix viruses with vulnerabilities, if a virus is working on your system due to a vulnerability, then it's a security issue, otherwise it's not related to security at all, it's just another program!

*/

You should realize looking at that list that it's mostly third party software

1)There are TONS of applications available for linux that are all free. A lot are on this list
2) Security in open source projects tends to be more proactive and open- so more vulnerabilities are reported , at the time windows is a closed source and facing always vulnerabilities even at the system level.
3) if you want to compare the security as it relates to YOUR system, look at remotely exploitable vulnerabilities in the services you are running not a random list of programs from 2 years ago

/*

Enterprise Linux is not for free (its price is more than windows server)

i.e.:
The most expensive edition of Windows Server is Windows Server 2003 R2 Enterprise Edition, it costs $3,999 for 25 CALs, and it comes in 32bit and 64 bits.

While redhat Red Hat Application Stack premium costs $8,499

*/



The application stack is a marketing term and it's not more than a bunch of applications,

You have to know what you want to do before thinking in what you want to use.
You don't need "integrated applications and solutions", you need a system that does something.

And Linux provide a bunch of applications in different distros for this purpose and you can make your own application stack for free.

/*

1- When I referred to Oracle I was giving an example (by the way google is supporting .Net since version 10).
*/


Even if Oracle 10 is supporting .Net but not under Linux.

/*

2- I don't think that "vulnerabilities" in kernel fall under "3rd party tools"

*/

Kernel is always as i said an "open source project tends to be more proactive and open- so more vulnerabilities are reported" in a comparison to win kernel.

/*
3- Refer back to my last post about the term "free", nothing free in this world

*/

All the bunch of available open source softwares aren't free ?!! with an already applications integrations and inter managed dependencies all in one distro available for download and with available support from its communities from all over the world.



SOME FACTS

-USer-mode((glibc=linux/unix style) || (win32=c runtime)) both refere to standard C style lib
-Win32 has huge dependecies on the NT kernel
-Win32 API the that manipulate the kernel vista

Linux vulnerabilities:

-Most linux vulnerabilities are found and fixed by the kernel developers before they are at all popular for exploits

-If we want to make a comparison, look at the TIME ( the time the exploit was in wild , with exploit code available and used, until the time a patch was released, sum that up for all remote exploits on both kernels ) that vulnerabilities had exploit code in the wild not the number of them.

-Also , we should consider whether we will be depending on the distro to manage our security updates , or get them directly from kernel source update, the former will increase the time an exploit is available .

-Number of _public_ vulnerabilities = number of vulnerabilities reported by people.
That has precious little to do with the number of vulnerabilities present and undiscovered
that said , linux is a changing target ; it gets more new code in than closed systems(or more slowly developing software in general).

-There are many reasons people normally know these reasons, and saying "foo X is more secure than Y, because it has less _public_ vulnerabilities" is pretty moot



Kernel comparison :

-Vista kernel can not be compared to linux one cause nt kernels do not provide unix semantics to programs

-The NT kernel doesn't natively support *any* devices except the serial port , which is used to dump memory when you get a BSOD ;)

-Windows drivers are supplied by the vendors.


-Apart from proprietary drivers, like ATI NVIDIA etc, the Linux kernel contains all the drivers, in windows , when you buy a new card/whatever the vendor supplies a driver the majority included with wondows are made by the vendor and certified by M$ (and the vendor got it from the guys who made the chip)


Linux shell / PowerShell :
As a test for shell performance,

-I'd toss in a command line like

"time for file in *.jpg;do convert "$file{file%.jpg}.png";done > convert.log"

measure time of the following for every file with extension .jpg, call the convert command with as first parameter the filename, as second parameter the filename with the trailing '.jpg' replaced with '.gif,' end of loop write all output generated by the loop to convert.log.

-I do not know how this would be done in PowerShell, but i expect it to be rather painful

-I assume any shell worth the name has some mechanism like pipes, but i doubt they would come close to the flexibility you have with line-based data and tools like tr, grep and sed

-Questions regarding Power shell :

Is there anything resembling ‘which’?
Is there anything like history expansions (!$, !*, !!)?
What about command substitution (ls -l `which ls`)?
What about background jobs ?


Object model :

-Personally, I'd map those things onto fs-level objects, fs-named.
-We would produce a text representation of the object, which would then be manipulated through the usual tools and converted back into an object by a program if it so desires , there is nothing preventing us from writing a program (which you could call from bash) which parses such expressions and does things accordingly , though command-line-interfaces to dbus work this way.


Finally what about the /Proc in Vista , is there something could be the same and with the exact possibilities ?

Vista or any Window$ is available for how many Archs ?

Monday, January 22, 2007

CVS Reminder

-First Set the Env. Var. CVSROOT to the cvsrepo directory
-mk. dir. ( project ) wishing to add it to the repos. inside the repos.
-Checkout this directory
-Add files and commit.

Sunday, January 21, 2007

Google hacks security vulnerabilities

Default Resources:
intitle:"Test Page for Apache"

Directory Listings :
intitle:"Index of" admin
return URLs that contain directory listings of /admin.

more queries that take advantage of directory listings:

intitle:"Index of" .htpasswd

intitle:"Index of" stats.html

intitle:"Index of" backup

intitle:"Index of" etc

intitle:"Index of" finance.xls

Error Messages:

"A syntax error has occurred" filetype:ihtml

"ORA-00921: unexpected end of SQL command"

Remote Services:

"VNC Desktop" inurl:5800

intitle:"Terminal Services Web Connection"

Google can also find administrative applications that allow users to configure systems remotely. For example, here is how to locate phpMyAdmin installations:

"phpMyAdmin" "running on" inurl:"main.php"

GoogleAnalytics V.s AW

Google analytics as a __remote-hosting__ statistics analyzer tool;
useful features:

- Browser & Platform Combos versions
- Unique/returner Visitors
- Languages
- Referring Source Google, yahoo....
- Java Enabled
- Geo Location
- Geo Map Overlay
- Flash Version
- Connection Speed
- Network Location
- Top Content/Content by title.
- Depth/Length of Visit
- XML/excel/Tab-separated exportation for every single statistic.

What's in Aw. and not of Google A. :

-rush hours report
-Visits of robots checker
-Worms attacks checker
-Number of times your site is "added to favorites bookmarks".
-Whois links
-Static reports in one or framed HTML/XHTML pages, experimental PDF export.

Aw Requirements :
-Server must log web access in a log file you can read.
-Ability to run Perl scripts (.pl files) from command line and/or as CGI.
-Somehow Aw. can be used locally without server access by either SFTPing all logs but only if they are made accessible and work on them locally, or by using a _trick_ ,
Add a tag to call a CGI script like _pslogger_ into each of the web pages that acquiring analysis . This to have an artificial log file that can be analyzed by AW.

For dereferencing / presentation issues ;

Saturday, January 20, 2007

localhost.localdomain

A while back I was trying to set up some packaging tools on a Debian system, and came across a problem where my host was identifying itself as host/localhost.localdomain .

Firstly hostname returned the correct thing (i.e. servername), and secondly that /etc/hosts looked like this:

x.x.x.x servername.mydomain.com servername
127.0.0.1 localhost.localdomain localhost servername


some applications can’t cope with 127.0.0.1 returning localhost.localdomain instead of localhost.

Replacing that last line with

127.0.0.1 localhost localhost.localdomain servername

solved the problem - i.e. localhost.localdomain wants to be an alias,
this was using a sarge system; I don’t know what the current situation is with etch, nor whether it has been fixed in recent sarge update.

Linux Kernel - Intro

I see it important to give a bit of information regarding the Linux kernel , for whom don't know more than that Linux is power fulled cause of kernel without knowing anything more about it.

We can say that the __Kernel__ is the core of operating system;
it is the program that controls the basic services that are utilized by user programs.

The kernel is responsible for:
-CPU resource scheduling (regarding process management)
-Memory management (including protection implementation)
-Device control (providing the device-file/device-driver interface)
-Security (device, process and user level)
-Accounting services (including CPU usage and disk quotas)
-Inter Process Communication (shared memory, semaphores and message passing)

Kernel does the memory management for all of the running programs (processes) and that they all get a fair share of the processor’s cycles, also provide portable interface for programs to talk to hardware.

It is physically a file that is usually located in the /boot directory. Under Linux, this file is called vmlinuz.

Foo-bar:/home/mina# ls -l /boot/vm*
-rw-r--r-- 1 root root 1231478 Jan 24 2005 /boot/vmlinuz-2.6.8-2-686-smp

-The size of the kernel is Dependant on what features compiled into it, what modifications made to its data structures and what additions made to its code.

-vmlinuz is referred to as the kernel image. At a physical level, this file consists of a small section of machine code followed by a compressed block. At boot time, the program at the start of the kernel is loaded into memory at which point it uncompresses the rest of the kernel.

-/usr/src/linux is a soft link to /usr/src/ within this directory hierarchy are in excess of 1300 files and directories which consists of around 400 C source code files, 370 C header files, 40 Assembler source files and 46 Makefiles. These, when compiled, produce around 300 object files and libraries; large portion of this is driver code.

-Only drivers that are needed on the system are compiled into the kernel, the rest can be placed separately in things called modules.

-Kernel Boot steps:

1) The boot loader program (e.g. grub) starts by loading the vmlinuz from disk into memory, then starts the code executing.
2) After the kernel image is decompressed, the actual kernel is started. This part of the code was produced from assembler source.
Technically at this point the kernel is running. This is the first process (0) and is called swapper. Swapper does some low level checks on the processor, memory and FPU availability, then places the system into protected mode. Paging is enabled.
3) Interrupts are disabled though the interrupt table is set up for later use. The entire kernel is realigned in memory (post paging) and some of the basic memory management structures are created.
4) At this point, a function called start_kernel is called.
start_kernel is physically located in /usr/src/linux-2.x.x../init/main.c and is really the core kernel function.
5) start_kernel sets up the memory, interrupts and scheduling.
In effect, the kernel now has multi-tasking enabled.
The console already has several messages displayed to it.
6) The kernel command line options are parsed (those passed in by the boot loader) and all device driver modules are initialized.
7) Then memory initializations occur, socket/networking is started and bug checking.
8) The final action performed by swapper is the first process creation with fork whereby the init program is launched. Swapper now enters an infinite idle loop.

-The timer interrupts are now set so that the scheduler can step in and pre-empt the running process. However, sections of the kernel will be periodically executed by other processes.

Comment or give some detailed discussion if you do like.

Friday, January 19, 2007

RELAX-NG V.s W3C XML-Schema | Jing

As of start packaging Jing, the _RELAX NG validator_ to Debian, i was going with some bit of difference analysis between the RELAX-NG and the W3C XML-Schema language.

For some more info regarding _Jing _ , it implements :
* RELAX NG 1.0 Specification,
* RELAX NG Compact Syntax, and
* parts of RELAX NG DTD Compatibility,
specifically checking of ID/IDREF/IDREFS.


Firstly analyzing the advantages of XML-Schema over the DTD,

XML-Schema over DTD
-It provides much greater specificity than DTDs could. some of these specificities are namespace aware, and provide support for types.

Then the features not supported by RELAX-NG,

XML-Schema over RELAX-NG..:
-RELAX NG lacks any analog to
-RELAX NG has slightly poorer specificity, i.e., it is not possible to define a specific number or range of repetitions of patterns.
-XML-Schema has a formal mechanism for attaching a schema to an XML document.

Then what is better regarding RELAX-NG in:

RELAX-NG Over XML-Schema

-It is the compact and has an equivalent form that is much more like a DTD, but with greater specifiability
-Also it provides very strong support for unordered content.
-RELAX-NG also allows for non-deterministic content models.
-RELAX NG allows attributes to be treated as elements in content models while W3C XML Schema cannot specify such a dependency between the content of an attribute and child elements.
-Most RELAX NG schemas can be algorithmically converted into W3C XML Schemas and even DTDs (except when using RELAX NG features not supported by those languages, as above)

So at the same time that _Jing_ also has support for schema languages other than RELAX NG; specifically

* W3C XML Schema (based on Xerces-J);
* Schematron;
* Namespace Routing Language.



Monday, January 15, 2007

Scott Shit Racks Blocks

Scott Morris Lab
Some of what's in the four separate rack cabinets:

-Juniper/Netscreen Router, Firewall and SSL VPN Device
- Cobalt/Sun RAQ2+
- Dell PowerEdge 650 (2 x P4-2GHz, 4GB RAM) Running Web-server and primary DNS.
- Trend Micro Network VirusWall 2500
-Cisco IDS-4210 Outside/Inside IDS Sensor
- Juniper/Netscreen IDP-100, ISG-2000, SA-1000, NS-208 , M7i, M5e, M10 and NS-2
- Cisco Catalyst 3750 - 48-port 10/100
-PIC, 4-port T-1 PIC
- Xyplex 1640 Terminal Server
- Cisco MCS, VG-200, 3620, 2611 voice gateway series
- Compaq DL/320 running Call Manager Publisher/subscriber
- Cisco LS-1010 ATM Switch
-Cisco uBR-924 Cable Modems with voice capability
- Cisco 3620 Frame Switch
-Cisco 3620 ISDN Switch
........

Lab purposes:
training
Juniper Networks Certified Internet Expert (JNCIE) lab exam.
consulting clients


This path not recommend to anyone unless you have a good amount of business to drive it or unless you see this equipment is great in the winter to heat your house ...!! :D


For your Comment:

Jim Morrison

People are afraid of themselves, of their own reality; their feelings most of all. People talk about how great love is, but that's bullshit. Love hurts. Feelings are disturbing. People are taught that pain is evil and dangerous. How can they deal with love if they're afraid to feel? Pain is meant to wake us up. People try to hide their pain. But they're wrong. Pain is something to carry, like a radio. You feel your strength in the experience of pain. It's all in how you carry it. That's what matters. Pain is a feeling. Your feelings are a part of you. Your own reality. If you feel ashamed of them, and hide them, you're letting society destroy your reality. You should stand up for your right to feel your pain.”
Jim Morrison

Friday, January 05, 2007

Complicated || not organized __detailed__ manual ...?!

When trying to configure console based mail client from time,
I noticed something ...!
All those complicated manuals regarding MUA<->MTA settings,
just exists to confuse people and discourage them from using their software.
Is it so hard for them to start with a simple configuration ...?!!
Three steps may put you to a working env.

-mutt configuration (in ~/.muttrc)
-SMTP command (~/bin/gmailout)
-ssmtp configuration (/etc/ssmtp/ssmtp.conf)

Also it was the case from few days when i was Installing/configuring R.Rails / MySQL /Apache
I noticed that maybe a Google search may be more effective than MANs, still the Question..
Gr8 to have a good detailed manual, but also there must be a hint or a pointer to what's related or required of dependencies of software components or third-party packages configurations
.....any comment ... ???!