Hmmmm. I haven’t posted here in ages. Lots going on. At one point I used this as a journal for tech stuff. Somewhere along the way I got sidetracked into a lot of other things. I’m wondering though if it’s time to restart…. lots of linux administration and tech stuff to write about. Watch this space there may be new material coming soon.
Tag: tech
-
The Great Lizamoon SQL Injection Attack – March-April 2011
Well – Friday things started getting interesting on tech news sites. Most sites were running phony April fools stories and a few including websense was running with a major attack going on against many SQL based websites. Details were sketchy – people were told to look for ur.php files in their web directory (which isn’t exactly a good test to see if your site has been infected by this SQL injection…) “<script src=http://lizamoon.com/ur.php”> is an example of the code that is inserted into sql databases and what it basically does is force visitors to visit a scareware site where malware may be installed onto their computer that claims they have a virus…. (how many of those have we seen in the last 5-10 years?)
One of my annoyances with tech news (and especially virus news) coverage is that when a story gets big enough to be covered by the big media, they never do it justice. I want information. What is this attacking? What programs are vulnerable, is there a pattern?
-
Ultra Capacitor Flashlight | 90 second charge | Light for Life Flashlight
This looks NICE… The new Light for Life flashlight which uses an ultracapacitor instead of batteries. Because of the ultracapacitor it takes 90 seconds to charge up. It uses LED lights and can run for 90 minutes on that 90 second charge. I see some uses that this wouldn’t be appropriate for, but many that it would be great for…. (If they could sell a handcrank adapter or some portable charge method that could be excellent.) It comes with a mounting bracket, belt ring and DC charger. (The number of charge/recharge cycles of a lithium ion or himh battery would pale in comparison to the ultracapacitor.)
-
Remastering Ubuntu’s live disk
Many times I’ve used Ubuntu’s livecd to test out an ailing system, but more than once I’ve wanted to add a utility, yes you can apt-get install from the live cd, but that assumes the system has a working internet connection, it’s sometimes better to just build the cd yourself with the tools YOU want. Using the tips in this forum thread and this page, with help from this google search, I remastered my own custom version of ubuntu (with smartmontools among other things.) I consider the ability to make your own custom tools priceless when it comes to tech support.
-
Discovercard whoops….
This isn’t tech related except for the mail merge side of things. We got a letter in the mail day before yesterday from Discovercard. It had my name and address on the outside just as it’s on record with Discover and everything looked like a normal “account information notice” (read…. ad for some of our services) mailing. When opened up…. The name and address on the letter inside were different (in our town, but someone else/different road/etc.) And the last four digits of the acocunt number were listed. All in all, it could be a much worse data leak, but still…. it’s annoying to see Discovercard go and botch a mailmerge like this. (I guess this is why they use “Windowed” envelopes for their bills…) In the past I’ve had communications from credit card companies that printed my entire account number on the letter, which usually makes me grumpy at least…. My only question is how many people got someone elses letter.
-
Blacklists and rejecting mail with Sendmail
A long time ago I had found how easy it was to reject messages outright with Postfix that came from non-existent domains. You know… junk from asdflkjuasdlfkjh@imadethisupmyselfanditsnotregisteredanywhere.com
Well, since the mailserver at THIS site runs sendmail I wanted to fix sendmail the same as my home server. My home server is postfix based and uses fetchmail to pull from the website. Since I had the rules set to reject non-existent domains at home it would essentially strand messages in the account here at the website which would then need to be cleaned out manually.
-
Tech support tutorials made easy on linux….
One of the real frustrations with phone tech support is translating step by step what is needed to the person on the other end. I know it sounds easy, but in reality – what if they’ve got xyz theme for their menuing and it’s not there, what if… oh you know – they’ve just got something in a different place than you expect it. The person on the other end usually has to be the eyes and that, many times doesn’t work out great. That’s one reason that I’ve worked to start doing the remote tech support because that way I can BE AT the machine and what seems like an eternity on the phone can actually become a short and quick resolution. Anyway – Newsforge today detailed a way to capture videos of actions on screen in a “how-to” format under linux with ScreenKast and share the how-to video online with captorials.com
-
Reinventing the capacitor
These days, big inventions aren’t entirely new creations, but improvements on an old idea. This latest in a string of interesting science/technology breakthrough stories is about just that. Researchers at MIT (how many sentences have I started like that this week?) have developed a new way of constructing a capacitor. One of the limiting factors with HOW much charge a capacitor stores now is the surface area of the “plates” that hold charge. The greater the surface area, the greater the charge. What they’ve done is laced the surface with nano-tubes, greatly increasing the surface area. One writer compared this to a fuzzy bathroom towel soaking up more water than a flat cloth. Probably not a bad analogy. What makes this significant….
-
Remote tech support with anything – would I do it?
I’ve tried to ask myself if I’d trust someone enough to let them run a remote session on my own desktop to solve a problem. I think the answer is “it depends”. If you think about it, I do tech support for home users quite a bit and they let me come into their homes. If I were weighing someone coming into my house, or onto my computer desktop, I think I’d choose my desktop. …
-
The security of remote tech support (ultravnc sc or x11vnc with wrapper script)
Well, I’ve got a nice way of doing “easy” one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see the biggest vulnerability for the computer running the listening vncviewer (because it HAS to be available to the outside world.) That means the tech support desk must keep on top of vncviewer updates and keep the service turned off when not expecting a client connection. The other question that comes to mind is encryption though….