Category Archives: Technology

Spam Spam Spam

Well, now that the election is over, I’m already getting spam to watch an “amazing video of Barack Obama”. No clever tricks here, just the old “click on this link”. The link is not masked in any way; it just points to a URL a person would not identify with anything. An example of the email content is:

From: "Elections center"
Subject: USA Election Results

Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become
the 44th president and the first African-American president of the
United States.
Watch His amazing speech at November 5!

Proceed to the election results news page>>

2008 American Government Official Website
This site delivers information about current U.S. Foreign policy and
about American life and culture.

If you get one of these, pay attention to the link; viewing the source is actually a better way to tell. The URL you’re taken to when clicking on “Proceed to the election results news page>>”, which you should NOT do, is associated with wconlinenrue.com. If we check the registration info for that domain, we can see it’s not legit.

   Domain Name: WCONLINENRUE.COM
   Registrar: BIZCN.COM, INC.
   Whois Server: whois.bizcn.com
   Referral URL: http://www.bizcn.com
   Name Server: NS1.SPRITSONLINE.NET
   Name Server: NS2.SPRITSONLINE.NET
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Updated Date: 04-nov-2008
   Creation Date: 04-nov-2008
   Expiration Date: 04-nov-2009

A little too obvious: the domain was created yesterday and will expire next year. If we check Spam Trackers we find a wiki entry for bizcn, and if we go to the URIBL blacklist for bizcn we find wconlinenrue number 2 on the list. At least that is as of my typing this.

So if your spam filter doesn’t catch these, delete them; better yet, don’t open an email if you don’t recognize the sender. If you do recognize the sender, pay attention to the links you will be clicking on.

Update: since typing this just 20 minutes ago I’ve gotten a few more emails, but with a different domain, lopbiuemis.com. In all cases, though, the body of the message was the same as above. No doubt there will be many domains associated with the links.
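The registration check described in this post, as an added example that is not part of the original post: it parses the WHOIS record shown above and reports the two traits the post points out. The receipt date (5 Nov 2008) and the 30-day cutoff are assumptions.

```python
from datetime import date

# The WHOIS record exactly as shown in the post above.
WHOIS_TEXT = """\
   Domain Name: WCONLINENRUE.COM
   Registrar: BIZCN.COM, INC.
   Whois Server: whois.bizcn.com
   Referral URL: http://www.bizcn.com
   Name Server: NS1.SPRITSONLINE.NET
   Name Server: NS2.SPRITSONLINE.NET
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Updated Date: 04-nov-2008
   Creation Date: 04-nov-2008
   Expiration Date: 04-nov-2009
"""

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_whois(text):
    """Return {field: [values]}; fields such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        # Split on the first ": " only, so URL values keep their own colons.
        key, sep, value = line.strip().partition(": ")
        if sep:
            record.setdefault(key, []).append(value.strip())
    return record

def parse_date(value):
    """Parse the dd-mon-yyyy form used above without relying on the locale."""
    day, mon, year = value.lower().split("-")
    return date(int(year), MONTHS.index(mon) + 1, int(day))

def registration_flags(record, received, max_age_days=30):
    """List the traits the post points out; max_age_days is an assumed cutoff."""
    created = parse_date(record["Creation Date"][0])
    expires = parse_date(record["Expiration Date"][0])
    age = (received - created).days
    flags = []
    if 0 <= age <= max_age_days:
        flags.append(f"registered {age} day(s) before the mail arrived")
    if (expires - created).days <= 366:
        flags.append("registered for the one-year minimum")
    return flags

if __name__ == "__main__":
    # Receipt date assumed: the post says the domain was created "yesterday".
    print(registration_flags(parse_whois(WHOIS_TEXT), date(2008, 11, 5)))
```

A one-year term alone is common for legitimate domains; it is the combination with a day-old creation date that stands out here.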

Find and Replace with Regular Expressions

Every once in a while I need to do some simple rearranging of text when receiving a file; most of the time this has to do with EDI or XML. Today’s issue was how to replace a tilde (~) with a carriage return, to denote the end of a line. It’s nice to know that both Open Office and Geany, to name just two, have no problem with this.

All I had to do was put \n in the “Replace With” box and check Regular Expressions; now I have a 1010-line file neatly formatted. Before, it was all on one line. Kudos to those much smarter than I for creating applications that do this at the push of a button.

Debian Lenny Suspend Resume config

After problems with Evolution in the latest version of Ubuntu, I decided: why not go back to Debian and install Lenny? Of course, having a few issues with one application isn’t a reason to just give up on a distro (Hardy is on the desktop I use for work every day), so I took it as an opportunity to go back to a distro I’ve used before on my laptop.

Just like with Etch, when loading Lenny the wireless was not recognized. That was no big deal, as the wireless NIC uses the ipw2200 driver available at http://ipw2200.sourceforge.net. Downloading the firmware and adding it to /lib/firmware was all that was necessary. The piece that has been a little frustrating, though, is suspend/resume. Granted, my laptop use doesn’t really require me to utilize suspend/resume, but it would be nice to get it to work.

This afternoon I took some time to try and figure it out; it took a while, but I got it working. There is a wealth of information about this topic; two places that helped put the pieces together were the Debian Suspend Wiki and the HAL Quirk site. I did follow the instructions for creating an fdi file on the HAL Quirk Site, but at this point that may or may not have been the problem. That file is called 20-video-quirk-pm-compaq.fdi, since the laptop is a Compaq V2000, and contains the following.

<!-- V2000 -->
<match key="system.hardware.product" string="Presario V2000 (PM064UA#ABA)">
 <match key="system.hardware.version" string="Rev 1">
  <merge key="power_management.quirk.s3_bios" type="bool">true</merge>
  <merge key="power_management.quirk.s3_mode" type="bool">true</merge>
 </match>
</match>

The instructions on how to create the fdi file are here and easy to follow. Once that was done I still received the following message when executing s2ram.

# s2ram
Machine is unknown.
This machine can be identified by:
    sys_vendor   = "Hewlett-Packard"
    sys_product  = "Presario V2000 (PM064UA#ABA)      "
    sys_version  = "Rev 1           "
    bios_version = "F.22    "

Interesting that the machine is unknown yet it finds the setup in the fdi file. With the file in place the following worked as root.

# pm-suspend --quirk-vbestate-restore --quirk-s3-bios --quirk-s3-mode

But at the same time, using s2ram -f also worked. So this is where I have to admit I’m still a little confused. Running either command as ‘root’ worked, but failed when using my account. Logic tells me that would be a permissions issue… but where? Of course, not the end of the world, I thought; opening a terminal window and executing the command isn’t that bad. But at the same time I thought that if you can do it as root, then there should be a way to add that functionality for a user. After poking around some more I ran across some forum posts that mentioned the user needs to be in the powerdev group. So I checked my account properties, and sure enough, Suspend and hibernate the computer was _not_ checked.

After checking it, logging out and back in, suspend worked from “the suspend” key or the power button. Makes me wonder, after all this time, if that was the problem? At this point I’m not sure; I’ll need to undo a few things to get back to the original state. But it was a good learning experience and suspend/resume now works.

Ubuntu Intrepid Ibex beta

With the latest release of Ubuntu coming up, I thought I’d give the beta a try for a few days. It served me well when moving from Gutsy to Hardy earlier in the year. The install was routine, with no problems, and the only real change was to manually partition the drive. By default /home is not on its own partition, and doing that makes upgrades and backups a better experience.

After loading and logging in, I did the normal updates with apt-get and added a few apps like Geany, Bluefish, vpnc, Liferea, gFTP, irssi and some others. The latest version of GNOME has a modified network manager as well as some changes to user switching and logging off, obvious to me at least. You can see the complete list here.

Evolution also had some changes.

Message Templates
WebDAV Contacts support
Google Contacts support
Custom header support while sending mails 
Single Model view for Calendar
Sqlite Based message summary (aka Camel On-disk Summary)
New Bonobo-less composer for Evolution 
Quota support to IMAP/POP accounts
Gtk+ Recent manager integration in Composer
Contact-list for Exchange

I had some initial trouble with the conversion, where the indexed messages didn’t match the db. But removing files in .evolution/mail/local, leaving the mbox files, fixed the problem.

So far no real show stoppers, until this morning, when updating caused a firmware / driver mismatch with the wireless NIC, ipw2200. Not too keen on digging into that at the moment, so I will go back to Hardy for now. More than likely another update in a few days will fix it, or it will be resolved in the general release.

Update: Oct. 20 – After further investigation, the firmware was removed. Putting it back in /lib/firmware resolved it.

SSH bots

Checking logs the other day, I noticed another instance where SSH bots were trying to get access to my home server. Monitoring auth.log for less than a minute revealed 11 failed attempts.

$ tail -f /var/log/auth.log | grep Failed
Oct  8 20:53:37 boss sshd[27267]: Failed password for invalid user peru from 68.216.125.39 port 43047 ssh2
Oct  8 20:53:40 boss sshd[27269]: Failed password for invalid user china from 68.216.125.39 port 43974 ssh2
Oct  8 20:53:44 boss sshd[27271]: Failed password for invalid user uk from 68.216.125.39 port 44570 ssh2
Oct  8 20:53:48 boss sshd[27273]: Failed password for invalid user ok from 68.216.125.39 port 45358 ssh2
Oct  8 20:53:52 boss sshd[27276]: Failed password for invalid user navy from 68.216.125.39 port 46298 ssh2
Oct  8 20:53:55 boss sshd[27278]: Failed password for invalid user spring from 68.216.125.39 port 47694 ssh2
Oct  8 20:53:59 boss sshd[27280]: Failed password for invalid user summer from 68.216.125.39 port 49883 ssh2
Oct  8 20:54:03 boss sshd[27282]: Failed password for invalid user autumn from 68.216.125.39 port 50796 ssh2
Oct  8 20:54:07 boss sshd[27284]: Failed password for invalid user winter from 68.216.125.39 port 51960 ssh2
Oct  8 20:54:10 boss sshd[27286]: Failed password for invalid user snow from 68.216.125.39 port 52885 ssh2
Oct  8 20:54:14 boss sshd[27288]: Failed password for invalid user skyrix from 68.216.125.39 port 53493 ssh2

It’s probably not a bad idea to add some security. For now we’ll enable the MaxStartups function in sshd_config. I’d prefer to run Fail2Ban but have some dependency problems with Python. I’ll have to look into that or other options.
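An added example, not part of the original post: per-source counting of failed logins over a sliding window, the kind of check Fail2Ban automates, run over six of the log lines above plus one constructed line. The threshold, window, year and the 192.0.2.10 entry are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Six auth.log lines from the post, plus one constructed line (the last).
LOG = """\
Oct  8 20:53:37 boss sshd[27267]: Failed password for invalid user peru from 68.216.125.39 port 43047 ssh2
Oct  8 20:53:40 boss sshd[27269]: Failed password for invalid user china from 68.216.125.39 port 43974 ssh2
Oct  8 20:53:44 boss sshd[27271]: Failed password for invalid user uk from 68.216.125.39 port 44570 ssh2
Oct  8 20:53:48 boss sshd[27273]: Failed password for invalid user ok from 68.216.125.39 port 45358 ssh2
Oct  8 20:53:52 boss sshd[27276]: Failed password for invalid user navy from 68.216.125.39 port 46298 ssh2
Oct  8 20:53:55 boss sshd[27278]: Failed password for invalid user spring from 68.216.125.39 port 47694 ssh2
Oct  8 20:54:01 boss sshd[27290]: Failed password for root from 192.0.2.10 port 40022 ssh2
"""

# The user name is client-supplied text, so the source address is taken from
# the fixed trailing fields ("from <ip> port <n> ssh2" at end of line).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$")

def brute_force_sources(lines, threshold=5, window=timedelta(seconds=60), year=2008):
    """Return {ip: users tried} for sources with >= threshold failures inside window."""
    recent, users, flagged = defaultdict(deque), defaultdict(set), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
        q = recent[m["ip"]]
        q.append(ts)
        users[m["ip"]].add(m["user"])
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = users[m["ip"]]
    return {ip: sorted(names) for ip, names in flagged.items()}

if __name__ == "__main__":
    print(brute_force_sources(LOG.splitlines()))
```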