
Archive for February, 2006

Hackers, Insults and Error Logs


SEVERAL times in the past I whined about the state of the Internet. It is too susceptible to various faces of evil — something which is finally recognised at a higher level and is attributed to the way the Internet was initially conceived, engineered and set up. Blame it on Al Gore if you wish, for he is the one who “invented the Internet”.

My main domain continues to suffer from zombie attacks and brute-force hacking attempts, all of which are unsuccessful. Such attacks may seem like benign inconveniences when properly filtered, yet all such attempts contribute to ‘noise’. They also require a lot of work to circumvent and defeat.

If a Web page, let us say /foo/bar/, includes the word “guestbook” (especially in the page title), one may find errors in the site logs which resemble a particular pattern. These would be common sensitive addresses such as /foo/bar/addentry.php or /foo/bar//addentry.php, which indicate an attempt to spam en masse. The culprits are lazy spammers who scan a page (often a search results page) and run some scripts. The aim is to exploit widely-known vulnerabilities, which have already been patched in most cases. There are rarely open sores in Open Source, but large-scale spam continues to pose a risk and devours precious bandwidth.

As an example of spamming attempts, I find many requests that are similar to:

[Tue Jan 31 07:33:56 2006] [error] [client 69.31.80.114] File does not exist: /home/schestow/public_html/Weblog/archives/2005/07/addentry.php

These are, of course, automated attempts which are directed at pages containing the word “guestbook”. The attacks are thrown at many sites simultaneously, regardless of what software is actually used.
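One way to pull such probes out of an Apache error log, as an added example (not code from the original post): it matches “File does not exist” entries for script names requested by guestbook spam bots, normalises the doubled-slash variant, and groups the hits by client. The sample log lines, IP addresses and paths are constructed; only `addentry.php` comes from the post.

```python
import re
from collections import defaultdict
from posixpath import basename, normpath

# Apache error log line in the format of the entry quoted above.
LINE_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)$"
)

# Script names that do not exist on this site but are requested by probes.
# Only addentry.php comes from the post; extend the set from your own logs.
PROBE_SCRIPTS = frozenset({"addentry.php"})

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
[Tue Jan 31 07:33:56 2006] [error] [client 192.0.2.10] File does not exist: /var/www/html/blog/2005/07/addentry.php
[Tue Jan 31 07:33:58 2006] [error] [client 192.0.2.10] File does not exist: /var/www/html/guestbook//addentry.php
[Tue Jan 31 07:40:02 2006] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Tue Jan 31 07:41:15 2006] [error] [client 198.51.100.23] File does not exist: /var/www/html/blog/AddEntry.php
[Tue Jan 31 07:42:00 2006] [notice] caught SIGTERM, shutting down
"""

def find_probes(log_text, scripts=PROBE_SCRIPTS):
    """Return {client: [directory, ...]} for misses on known probe scripts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other severities and message types are ignored
        # normpath collapses the doubled slash seen in /foo/bar//addentry.php
        path = normpath(m.group("path"))
        if basename(path).lower() in scripts:
            hits[m.group("client")].append(path.rsplit("/", 1)[0])
    return dict(hits)

def repeat_offenders(hits, threshold=2):
    """Clients that probed at least `threshold` distinct directories."""
    return sorted(c for c, dirs in hits.items() if len(set(dirs)) >= threshold)

if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for client, dirs in found.items():
        print(client, len(dirs), sorted(set(dirs)))
    print("repeat offenders:", repeat_offenders(found))
```
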

In other circumstances, hacking attempts involve hijacking of a content management system or an entire Web site, which is worse than spam. These are attempts to deface, being the equivalent of a UseNet defamation or complete name mocking, crossposted for public humiliation (an example).

I used to very much worry about people’s ability to write self-derogatory blog comments, newsgroup posts, and mailing list messages ‘on behalf’ of somebody else. I saw it happening many times before. The least one can do is embrace PGP for signatures. No less. Not everyone can spot IP addresses and track them. People can nymshift without any restrictions.

If manners are the glue of on-line communities, what are the motives of such vandals? When has cracking (as opposed to “hacking”) become popular? The motives must be a boost to ego and clan vanity (or “klan” rather). Sometimes, Web sites are captured and then re-direct to steal ranks which are accredited by search engines.

What have I done on the matter? Not much so far, but I found a neat solution to the Windows zombies. Many common attempts to hack are being redirected to this page, to which I referred in this previous blog item. Errors and attempts to hack can be suppressed using re-directions on common URLs, which characterise vulnerable components or exploitation of scripts for mass-mailing or spam. All in all, after much work, Web malice has been lowered to a manageable level.

SuSE Linux and Related Thoughts


TO those interested in joining the ‘experiment’, SUSE Linux 10.1 Beta4 is finally available to “adventurous experts”.

Novell’s SuSE appears to be a strong leader among Linux distributions nowadays. As merely a personal opinion, other formidable players remain: (Canonical) Ubuntu, Red Hat, and Mandriva. Those excluded are either scarcely-found ‘in the wild’ or are difficult to install, which makes them more suitable to experts, special-purpose systems such as those dedicated to media, or those running on legacy hardware.

Shy and Flattered at the Same Time

Roy as a baby
Photo from around 1984

Warning: shameless rave lies below, but it is no lie.

I sometimes wonder how my life would have turned out if I had chosen a different career path. I believe I could stick to a particular sport and make a living out of it. Yesterday, the guy at the cashout (a friendly lad) asked me if I was a bodybuilder, making me shy and flattered at the same time. He then began asking for some general guidance and workout tips, while packing the groceries very slowly with the intention of earning time.

More often than before I find myself giving others advice on fitness, diet and exercise (apart from computers). Yet, on many other occasions I sought help from personal trainers with whom I am on good terms and, as a matter of fact, it was my father who got me started with regular exercise over 10 years ago. So, I merely pass on the experience I have absorbed from others.

This year’s fitness competition is coming up and I am already obliged to sign up and participate. I was the winner in all previous contests among this series, which got me in an ecstatic mood.

‘Get the Linux Facts’ Campaign


IF your business waits at the crossroads, having to make a choice between Linux and Windows, look no further. There has been a great deal of fuss over biased figures, which falsely showed Linux servers to be weaker than Windows counterparts. Help yourself to the true facts and do not be misled by heavily-funded propaganda.

Open Source Development Labs (OSDL) and member company Levanta have announced the free availability of an Enterprise Management Associates (EMA) study titled “Get the Truth on Linux Management.” The study re-examines previously reported, anti-Linux management claims — deriving updated analysis from in-depth research with more than 200 end users. The “Get the Truth on Linux Management” report is available in its entirety, for free download, at the Levanta website.

Related item: Microsoft-funded Benchmarks

Code Optimisation and Miniature Web Servers


IN programming, efficiency always entails a cost. Contrariwise, simplified and inefficient code is often easier to understand. Where can balance be found? Can it ever be found? Efficiency is often preferred by so-called ‘power users’, whereas others opt for simplicity. Consequently, when negotiating projects, either at code-level or when deciding on UI design, flame wars may arise among developers or avid users.

Let us consider code optimisation. If the programmer wants to go all the way, (s)he could optimise by shortening variables, removing excessive spaces, and stripping out newlines. In such circumstances, interpreted code will be quicker, albeit less meaningful when an error arises and goes verbose. This is nothing like bytecodes and JIT, but similar rules should apply.

Good code should be well-structured, easily-readable, elegant, and well-documented. If the code is compiled, all comments should definitely stay intact rather than ever be stripped. Automatic documentation can fit nicely in the source rather than be generated and made peripherally available, e.g. via Web pages. The only exception is debugging ‘bits’, which could definitely slow down program execution. As long as the developer keeps the original and saturated version of the code public, however, nobody need get entangled in closed-source traps.

On to an exciting prediction: with lowered file sizes and optimised code, programs could scale better on Wi-Fi-driven Web servers which run on a PDA in one’s pocket. Such a server must be taken good care of, as well as the Internet connection, which is as vital as that of a synapse. With the growth of smaller devices, the need for efficiency is better realised.

The Goobunto Myth


After a previous denial by Google as regards the release of Ubuntu Linux variants comes yet another clarification.

Google very likely is using the Ubuntu version of Linux internally, but Ubuntu project founder Mark Shuttleworth said this week he doubts the Internet search giant plans to turn it into a product.

“As far as I’m aware there is absolutely no truth to the rumor that Google plans to distribute a derivative of Ubuntu as a Google OS,” Shuttleworth said on his blog. “As exciting as that may be for Linux, it wouldn’t make sense for Google, and so far they’ve been pretty sensible about their projects.”

“The ‘goobuntu’ you may have heard of is just a modified version of Ubuntu,” he said. “Technically, there’s likely to be a ‘goobian’ and a ‘goohat,’ too,” referring to Linux versions from Debian and Red Hat.

Perhaps it is a shame, given Google’s personnel, skills, and budgets. Then again, no further commercialisation and privatisation of Linux is probably a positive thing.

Items on Goobuntu: Google Controversies, Google: Primary Rumours Victim

Musing Du Jour: Telephone vs. Keyboard

Digits on a telephone’s keypad and keyboard arrangements of numbers (the right-hand-side of standard keyboards) are inconsistent in terms of layout. Have you ever wondered why? I sure had to stop and ponder myself. I tried to flip the telephone upside down to achieve consistency, to no avail. The zero ends up at the wrong end (top) and the whole ‘image’ is reversed; “mirrored”, to be precise.

Isn’t such a layout supposed to be standardised for the user’s sake? It definitely simplifies habits and makes keypresses more instinctive. There must be some historical motives. The pulse phone and the dial probably predate computer keyboards. In other words, tone dialling with the modern one-stroke input came after computers, so could possibly inherit the same, perfectly-acceptable layout.

Most of us can switch easily between the two layouts. Many use both the phone and the ‘NumLock setting’ on for numerical data entry (highly popular among accountants). I hear that the same arguments apply to alternative layouts of characters, e.g. Dvorak keyboard layout, which need not necessarily interfere with QWERTY habits. QWERTY is an arbitrary scheme, which if I recall correctly was only justifiable as it avoided mechanical collisions in typewriters. It is not optimised for quick input, however, and it almost entirely neglects the frequency of keys being pressed. On the other hand, one must consider the issue of universality since not all languages use a given character at similar frequencies. It all boils down to the question: is greater (keyboard) diversity a positive thing?

Original styles created by Ian Main (all acknowledgements) • PHP scripts and styles later modified by Roy Schestowitz • Help yourself to a GPL'd copy