Diary of a Network Geek

Not sure who else will care about this.

I doubt most of my readers will care too much about this, but I do sort of follow what goes on at Six Apart. They were the first real blog company, I think. They made the first blogging software I used, MovableType, and, really, they were around before just about anyone else. As a company, they’ve contributed quite a bit to the blogging world, beyond their software. In short, I keep an eye on them because they’re one of the big players in the blog world.

In any case, according to this story on ZDnet, they’ve sold LiveJournal to a Russian online media company called SUP. They, apparently, are making a few changes, but the overall attitude seems to be a positive one. Personally, I wonder what made Six Apart sell LiveJournal. I don’t use it myself, but I read a couple of blogs that are on LiveJournal so I’m passingly familiar with them. I doubt that LJ made any big money for Six Apart, but, then, I didn’t think that was why they acquired them in the first place. At the time, I thought it was to convert people from LJ to Six Apart’s MovableType-based service, TypePad. Now, though, I wonder if that was it at all. If they were after some technology that LJ had, what would it have been? And, now that they have it, why dump LJ?

Not sure what’s going on there, but, no matter how you feel about Six Apart, they’re pretty savy when it comes to business and blogging, so they likely have a pretty good reason for their decision to sell LiveJournal.  And, just as likely that none of us regular joes will ever know what it is.

A “new” technique that’s more than three years old.

Huh. So, there was this article on MSN recently titled Lock Bumping: A new burglary threat. Now, I remember reading about this in 2600, the Hacker’s Quarterly a really, really long time ago. And, I seem to recall it was a topic at DefCon a number of years ago, not to mention that Bruce Schneier talked about it in 2005.
But, what gets me is that the article itself mentions that the technique was mad popular by a video in Germany back in 2004.

So, how is this a “new” technique again?

This time, we’ll restore the image we made last time

mkdir /tmp/server
mount -t smbfs -o username=my_user_name   //server_name/share /tmp/server

Now, this assumes that you don’t have anything installed on the new pc yet and are working with just a blank, unformatted hard drive. First, I restored the partition table and the master boot record:
# sfdisk /dev/sda < /tmp/server/images/cad1r-sfdisk-sda.dump
# dd if=/tmp/server/images/cad1-sda.mbr of=/dev/sda

And then the partitions. Since I had several files produced by split for my primary partition, I needed to take them all, in the right order of course. Now, keep in mind that when we used split in the last post, it added “aa”, “ab”, “ac”, etc. to the end of the file name.

# ls -l /tmp/server

will help you check which files you need for the next step.

Now, again, this all assumes that you had a single partition on the original machine and are restoring a single partition. First, change to the directory where the images are:

cd /tmp/server

Now, we restore the image files with the command below. You’ll have to “cat” all the files in the image directory on the server. Notice the pattern of the file names? That’s what split did for us. Now, rather than do the work manually to restore them, I used a little bit of shell code and a variable reference to save you the need to type the names of all the files. Also, the little “-” at the end of the line does matter, so don’t forget it. Oh, and this command should all be on one line.

cat cad1-sda1.img.gz_a[a-z] | gunzip -c | ntfsclone --restore-image --overwrite /dev/sda1 -

Reboot into your new Windows XP clone.
It’s just like magic, isn’t it?

Hey, I get paid to be a geek, right?

So, I’ve been having some issues with my network and several Windows XP machines. In a nutshell, these machines seem to lose connectivity after approximately nine hours and fifteen minutes from the last restart. In other words, when my crazy-dedicated engineers work past their ninth hour, their machine slows to a crawl and eventually locks tighter than a Catholic school-girl’s knees. In any case, after weeks of troubleshooting this issue, I’ve come up empty. The best that I’ve got for these guys is either a) Don’t work such long hours or b) Reboot the machine at lunch.
In a further attempt to fully understand what is happening and at what level, I’ve gotten one of these machines and I’m going to install Windows 2000 on it. If we have the same issue, I know it’s hardware. If I don’t, I’ll be certain, within a reasonable percentage of sureity, that the issue is some arcane aspect of Windows XP. Either way, I should be closer to a real answer.

But, before I wipe my current experimental machine, I decided I wanted to back it up. Naturally, I turned to my old friend, Linux. A quick Google turned up a blog entry titled “Cloning XP with Linux and ntfsclone“. So, with a few modifications for my own environment, I followed the instructions there. Incidentally, I used the latest version of Knoppix as a boot CD.

First, open up a terminal/shell session and create a mount point with the following command:
# mkdir /tmp/server

Then, because my DHCP server didn’t give the Knoppix virtual machine the right DNS information, add your server to the /etc/hosts file.
Next, mount the network share that you want to dump the images on.
# mount -t smb -o username=administrator //server1/share /tmp/server

Check how your live CD sees the partitions you want to save with the following command:

# cat /proc/partitions
major minor  #blocks  name

8       0   78150744  sda
8       1   76211608  sda1
240     0    1939136  cloop0

I want to save that 80 GB disk sda, which has a primary partition sda1. First I saved the partition table and the Master Boot Record this way:

# sfdisk -d /dev/sda >/tmp/server/images/cad1r-sfdisk-sda.dump
# dd if=/dev/sda bs=512 count=1 of=/tmp/server/images/cad1-sda.mbr

and then the partitions:

ntfsclone -s -o - /dev/sda1   | gzip | split -b 1000m - /tmp/server/images/cad1-sda1.img.gz_

Note that this saved disk image in 1G files, in case the way I mounted the share to the network server didn’t allow for large files. Sometimes that can get tricky going from Linux to a Windows 2003 server and back, so I decided not to take any chances. It makes a mess of files, but at least it took the guess-work out for me.

Coming soon, the restore process! Keep an eye out!

Well, as you can see by the picture to the left, the phisher was at it again.

So, me being who I am, I checked on this nasty phisher again and, naturally, he’d cleared the content and put his own back up. Well, this time, I went a little more subtle on him.  Instead of renaming his old file and uploading my own, I just uploaded my own over his.  If you look, you can see that I left most of his work in place, but added my own warning to anyone who might click on the link this stupid phisher put in his spam message.  I might keep this up for a bit, since it’s so easy and will hopefully drive at least one scumbag out of business.

Now, you might ask yourself why I don’t just assault the phisher or his site directly.  Well, there’s two reasons.  First, I imagine that this is a compromised site and not the phisher’s own.  So, if I attacked the site itself, I’d be damaging his victim twice.  Secondly, this way, if anyone does click on the link, I might educate someone so that they don’t just click on any link they get via e-mail.  The best way to hit these scammers is by way of educating people enough so that they don’t fall prey to these tactics.

Oh, also, notice that I left the compromised site’s address visible in the graphic.  Since this has become an educational tool, I figure everyone who reads my blog might as well get educated!

Advice from your Uncle Jim:
"We have nothing to fear but fear itself."
   --Franklin Delano Roosevelt

I probably shouldn’t have done this, but…

You know, sometimes, I just get so irritated with the scams I get via e-mail that I just can’t help myself. This morning I read one too many eBay phishing scams in my inbox and, well, I had to do something about it.

So, this is the e-mail I got that sent me over the edge.
Notice how this looks like a legitimate e-mail from eBay. It has all the same things that the official notices from eBay would have, including links to what look like official notices and actual sign-in screens.
The only real problem with this is that it was sent to an account that’s not associated with my eBay account and I haven’t bought or sold anything on eBay in over a year. What bothered me, though, was that I know people who would click on this and get scammed.
For fun, I hovered over the links to see where they led. If you look at the bottom of the linked screen capture here, you’ll see what I saw, but with the IP address obscured for safety’s sake.

This is the page that the phisher wanted me to go to.
Again, notice how it looks like a legitimate page on eBay’s website. It looks so good because the phisher’s page actually links to the graphics on eBay’s site. But, if you look in the address bar in the browser in the linked screen capture, you’ll see what led me to mess with the scammer.
The link is to an FTP site and includes logon information, complete with password.
Naturally, this was just too good for me to resist.
So, I popped open a DOS prompt and loaded the default FTP client on my Windows machine. When I connected to the FTP address listed in the link, I was prompted for a userID and password. When I used the credentials in the link, the FTP server let me in!

Naturally, this was far too good an opportunity for me to pass up.
So, while keeping the connection open, I renamed the phisher’s scam page from “ne.html” to “nono.html”. Then, I created my own “ne.html” and uploaded it.
In the linked image to the left, you can see that it gives anyone who loads it a warning not to click on just any old link they get in e-mail. Hopefully, this will serve to not only frustrate the phisher, but also educate anyone who might click the link.

Naturally, I don’t expect this to be up for very long on the phisher’s site, but, I figure if I help anyone with this little stunt, it will have been worth it. Though, you will notice that I obscured the IP address in my graphics to protect anyone the phisher may have hacked to run his scam. Also, it’s entirely possible that I was technically breaking the law by doing this, but I don’t expect the phisher is going to actually try to prosecute. After all, just how would one explain this to a judge?

Oh, and when I checked on it just before posting this, the phisher had changed the files back.  So, I did it again.

Advice from your Uncle Jim:
"It's better to keep one's mouth shut and be thought a fool than to open it and resolve all doubt."
   --Abraham Lincoln

This is old news.

So, lately, there’s been a bit of buzz about Windows Home Server. The press has gone on at length about how this was such a brilliant idea who’s “time has finally come” and patted Microsoft on the back for thinking of it.
Well, this is really old news. As I was going through some old magazines recently, before throwing them out, I saw a short article on the Memora Servio Personal Server. A Linux-based home server that did everything from share files to filter e-mail to act as a firewall for home users. The device was auto-configuring and sat between your home network and your broadband connection and even could be ordered with wireless built in. The magazine was from 2001.

Sadly, the company doesn’t seem to be around any more, though you can see the old Memora About page, thanks to Archive.org. Again, this company was doing this six years ago and, from what I can tell, only seemed to have closed up shop in the past year or two. I wonder how well this product sold? What’s more, I wonder if anyone has the distro around, with the configuration programs on it? I know, I’d love to get my hands on that!

So, some of my readers are geeks, too. Ever heard of this product? Or, maybe, something like it?

(And, if you haven’t looked at my pictures yet, scroll down to untill you see them, then vote on the sidebar!)

Hmm, maybe I could have a second job…

So, I saw a guy adverstising on the web for “Internet Marketing Services”, specifically, “Business Blog Services” and “Social Marketing Services”. Sounds simple enough to me. Frankly, I’ve done plenty of blog work for folks and I can’t imagine adding a business component to it would be that much extra work. But, this guy was asking for $600 to set up a blog! With WordPress, I’d be done in about 30 minutes, including upload time and configuration. $600 for less than an hour worth of work… Oh, and then, if you want his “daily blogging” service, wherein he will make a blog entry for you, seven days a week, that’s $500 per MONTH! And, if you want him to optimize your blog for the search engines, that’s another one-time fee of $500.
But, what got me was the ad copy for what he called “Social Media Optimization“. That service, his site claimed, includes “Search Engine Reputation Management, Social Marketing Team Launch & Management”. “Search engine reputation management”? Are you kidding me?! For not submitting your page to the search engines too often and making some minimal effort to make sure you don’t get black-balled by Google, he’s going to actually negotiate a fee? What’s more, it’s a variable fee, no doubt based on how much you know about search engines and the web. I have a feeling that the less a customer knows, the higher the fee.

Wow, I could make a bundle at this kind of thing. If only I didn’t have ethics and the last vestige of a conscience…

(And, if you haven’t voted yet, check out the pictures from two posts ago and vote!!)

Wow, people sure are paranoid about nothing.

Look, I’m all in favor of high-level paranoia.  In fact, there have been times that a major portion of my job has been all about being paranoid enough.  And, God knows, in this age of identity theft and on-line fraud, being a little extra paranoid is probably a pretty good idea.  (For those of you with ex-spouses, or soon-to-be ex-spouses, that goes double.  Trust me!)  But, this big noise over on Slashdot about the latest version of WordPress sending “private, user data” back to servers at WordPress.org is just going a bit too far.

First of all, the only thing it sends to the server is the url of the blog, the version of WordPress and its plugins and the basic server settings of the web server running the blog.  I mean, c’mon, that’s mostly public information in the first place!  I can collect two thirds of that data from most servers in less time than it took me to write this post!
Secondly, Matt Mullenweg, the main developer of WordPress, and a Houston native, posted about this on the developer’s mailing list, including how to install plugins to disable the code.  (If you’re paranoid, the plugins are called Disable WordPress Core Update and Disable WordPress Plugin Updates.)
Thirdly, let’s not get ahead of ourselves on blaming a free, OpenSource project like this for not being great about disclosing absolutely everything they’re doing behind the scenes.  I mean, it’s not like they’re doing silent updates without notifying paying customers or anything.

In any case, I thought I should mention the issue, and the solutions, since I’ve been so vocal in support of WordPress in the past.
So, there you have it.

Just a little something for the techie manager-types.

I know I still have some tech-geeks who read this blog. I mean, I did start out, all those years ago, blogging about mainly technical stuff and some of the real die-hards have to still be reading, right? Well, I do try to keep y’all in mind and occasionally write up something that might help you get things done. Most of you fellow geeks know me as a Novell enthusiast, but I don’t limit myself to just one set of tools. There’s an old saying that when your only tool is a hammer, every problem looks like a nail. Well, I like to keep a bunch of tools in the old tool bag to solve all kinds of problems.

Sometimes, though, it’s not that easy to figure out which tool to use. So, when I saw these two related articles on TechRepublic about choosing the right tools, I thought I’d share. The first is a blog post that describes the D.I.C.E framework. (In short, D.I.C.E is an acronym for Difficulty, Investment, Capability and Expandability. All things to keep in mind when implementing new technology.) The second article is really a download. It’s a spreadsheet that helps you evaluate systems in relation to the D.I.C.E framework.
So, between the two, you should have a little extra help determining what technology to install and support.
And, you might even pick up a few ideas about how to present it to the boss, too!

Advice from your Uncle Jim:
"No matter what goes wrong, there is always someone who knew it would."