
April 29, 2008

The generational divide online

I received a forwarded email this morning from my grandmother with some goofy troll-looking baby.  I tend to get occasional emails from family that are amusing, and some that I've got to reply to with links to Snopes.  Someone put together a site called Postcards From Yo Momma, which allows people to submit emails from their mothers and other family members that may be amusing.  Everyone has a different relationship with their parents, but some of these posts are golden, such as this one from the front page:

"In other news, your father asked me this morning if he could borrow my nasal irrigator.  I got very excited, thinking he was being pro-active in fighting the cold that’s got him sniffling non-stop already.  Turns out he just wanted to use the irrigator to inject jelly into the croissants he was baking.  I could write a f$%@ing book.

I’ve got to buckle down now and read this new script.

XXOO
MA"

Websites like this make you smile, especially when you get to see a snippet of the affection and/or annoyance that exists between mother and child.  It is the happy end of the voyeuristic spectrum, with the sad end being PostSecret.

Link: http://postcardsfromyomomma.com/ 

April 21, 2008

SPLUNK! ZUFF! PAN!! SNUH! BORT! POOO! NEWT! MINT! ZAK!

Over the past few years I've been meaning to evaluate Splunk's main product, a log aggregation and analysis tool by the same name.  Oftentimes as a sysadmin, you have makeshift tools due to budget limitations or other types of hardships.  Many places I've worked have had enterprise-level network monitoring capabilities, but unfortunately were monitoring the wrong things.  The items of the most importance on a day-to-day and hour-to-hour basis were done in shell scripts or manually at the command line.  What Splunk does is give you the configurability of the command line, but packages it up in a nifty web-based GUI that allows you to drill down to specific problems (and see the log entries associated) or just skim along at the 40k-foot level through graphs and charts.

I recently built a new Ubuntu server box at home (from completely anemic old hardware) and decided that I'd try out Splunk.  Even with the most minimal of hardware Splunk was up and running in no time at all.  From downloading the Debian install package to fully functional was about 25 minutes.  My system load churned for about an hour at around 2.0 while /var/log and the other directories were indexed and pulled into the Splunk database.  It is pretty amazing, as the base version of Splunk can access anything that is local to the system, so if that machine is your syslog server, you can correlate error events over a large network in no time at all.

In the picture below you can see the log entries for a brute force attack against my ssh server (from host 209.239.35.45, which is probably just a hacked intermediary host).  Using Splunk allows me to drill down to see specific attacks by type or host, by very quickly changing the query statements.

 

Below you can see the ebb and flow of 'page not found' 404 errors on my webserver.  I recently started hosting a domain that had been down for about a year.  That domain hosted a bunch of JPG files, which were linked to by some idiot MySpace page designer.  Once I track down the individual files that are linked to, I make a symbolic link to this file
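Splunk's drill-down is doing the same thing you could do by hand over the raw files.  As an added example (not from the original post and not Splunk's own code), here is the equivalent of those two searches in Python: count failed sshd password attempts per source address along with the usernames each source tried, and count 404s per path together with the referers that sent the client there (which is what points you at the hotlinking page).  The log lines are constructed for the example, with addresses from the RFC 5737 documentation ranges; the regexes assume the standard OpenSSH auth.log and Apache combined log formats.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the author's server). Addresses are from
# the RFC 5737 documentation ranges; hostnames and PIDs are made up.
AUTH_LOG = """\
Apr 21 03:14:07 otterpop sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Apr 21 03:14:09 otterpop sshd[4123]: Failed password for invalid user test from 198.51.100.23 port 51240 ssh2
Apr 21 03:14:12 otterpop sshd[4125]: Failed password for root from 198.51.100.23 port 51251 ssh2
Apr 21 03:14:14 otterpop sshd[4127]: Failed password for invalid user oracle from 198.51.100.23 port 51260 ssh2
Apr 21 03:14:17 otterpop sshd[4129]: Failed password for root from 198.51.100.23 port 51266 ssh2
Apr 21 03:20:41 otterpop sshd[4190]: Failed password for jd from 192.0.2.10 port 40112 ssh2
Apr 21 03:20:46 otterpop sshd[4190]: Accepted publickey for jd from 192.0.2.10 port 40112 ssh2
"""

ACCESS_LOG = """\
192.0.2.55 - - [21/Apr/2008:10:02:11 -0700] "GET /images/banner.jpg HTTP/1.1" 404 209 "http://profile.myspace.example/somebody" "Mozilla/4.0"
192.0.2.56 - - [21/Apr/2008:10:02:15 -0700] "GET /images/banner.jpg HTTP/1.1" 404 209 "http://profile.myspace.example/somebody" "Mozilla/4.0"
192.0.2.57 - - [21/Apr/2008:10:03:02 -0700] "GET /images/bg.jpg HTTP/1.1" 404 209 "http://profile.myspace.example/other" "Mozilla/4.0"
192.0.2.58 - - [21/Apr/2008:10:03:40 -0700] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/4.0"
192.0.2.59 - - [21/Apr/2008:10:04:01 -0700] "GET /images/banner.jpg HTTP/1.1" 404 209 "-" "Mozilla/4.0"
"""

# OpenSSH "Failed password" line; "invalid user" is present when the account
# does not exist, so it is optional here.
SSH_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def ssh_failures_by_host(lines, threshold=5):
    """Return {ip: (failure_count, sorted usernames tried)} for every source
    that has at least `threshold` failed password attempts."""
    counts = Counter()
    users = defaultdict(set)
    for line in lines.splitlines():
        m = SSH_FAIL.search(line)
        if not m:
            continue
        counts[m["ip"]] += 1
        users[m["ip"]].add(m["user"])
    return {ip: (n, sorted(users[ip])) for ip, n in counts.items() if n >= threshold}

# Apache combined log format: host ident user [time] "request" status size "referer" "agent"
APACHE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def not_found_by_path(lines):
    """Return {path: (count_of_404s, {referer: count})}, most-requested first."""
    hits = Counter()
    referers = defaultdict(Counter)
    for line in lines.splitlines():
        m = APACHE.match(line)
        if not m or m["status"] != "404":
            continue
        hits[m["path"]] += 1
        referers[m["path"]][m["referer"]] += 1
    return {p: (n, dict(referers[p])) for p, n in hits.most_common()}

if __name__ == "__main__":
    for ip, (n, names) in ssh_failures_by_host(AUTH_LOG).items():
        print(f"brute force candidate {ip}: {n} failures, users tried {names}")
    for path, (n, refs) in not_found_by_path(ACCESS_LOG).items():
        print(f"404 x{n} {path} referers={refs}")
```

Run it against real files by reading /var/log/auth.log and the Apache access log into the two string arguments; the threshold is deliberately low for the sample, and for a real server you would count within a time window rather than over the whole file.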

 

In the extended entry, I've copied the output from the install.  Just make sure to limit access to port 8000, or whatever other port you'll be using, as there is no access control in the demo version.  The startup output below also reports the management port, 8089, as open, so lock that one down at the same time.
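As an added example that is not part of the original post, here is one way to do that with iptables, restricting both the web port 8000 and the management port 8089 to a single admin subnet.  The subnet used in the test and usage line is an assumption; the functions print the rules first so you can review them before piping them to a root shell.

```sh
#!/bin/sh
# Added example: fence Splunk's web (8000) and management (8089) listeners
# off to an admin subnet with iptables. Subnet values are assumptions.

# Print the iptables commands for one port: allow loopback and the admin
# subnet, drop everyone else. Printing first lets you review before applying.
splunk_port_rules() {
    port="$1"; admin_net="$2"
    printf 'iptables -A INPUT -p tcp --dport %s -i lo -j ACCEPT\n' "$port"
    printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$admin_net"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Rules for both listeners the Splunk startup output reports as open.
splunk_fw_rules() {
    admin_net="$1"
    splunk_port_rules 8000 "$admin_net"
    splunk_port_rules 8089 "$admin_net"
}

# Apply the rules (needs root). "$1" is the admin subnet, e.g. 192.168.1.0/24.
splunk_fw_apply() {
    splunk_fw_rules "$1" | sh
}

# Usage:
#   splunk_fw_rules 192.168.1.0/24          # review
#   sudo sh -c '. ./splunk_fw.sh; splunk_fw_apply 192.168.1.0/24'
# Then, from a host outside the admin subnet, confirm the port no longer
# answers (a non-zero exit status is what you want):
#   nc -z -w 3 otterpop 8000; echo $?
```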

 

In a nutshell, Splunk is like a swiss army knife that you never knew you needed, but now you crave.  While it works great as a near real time system monitoring tool, you can also import files from anywhere and process them for historical data.  It would make a great tool for network forensics timeline reconstruction as well as a fine day to day IT operations tool.  I'm sure that there are millions of other things that can be done with this, but just being able to grok so much data at one time is like having some sort of sysadmin super power.

  

Here is how simple the install is:

otterpop:~$ sudo dpkg -i splunk*.deb
Selecting previously deselected package splunk.
(Reading database ... 20705 files and directories currently installed.)
Unpacking splunk (from splunk-3.2.2-34603-linux-2.6-intel.deb) ...
Setting up splunk (3.2.2-34603) ...
----------------------------------------------------------------------
The Splunk Server has been installed in:
        /opt/splunk

To start the Splunk Server, run the command:
        /opt/splunk/bin/splunk start

To use Splunk's web interface, point your browser at:
        http://otterpop:8000

Complete documentation is at http://www.splunk.com/r/docs
----------------------------------------------------------------------

That's it folks!!!


The first time you run it under Ubuntu, you get this:

otterpop:~$ sudo /opt/splunk/bin/splunk start

Splunk Free Software License Agreement

THIS SPLUNK SOFTWARE LICENSE AGREEMENT (THE "AGREEMENT") GOVERNS ALL SOFTWARE PROVIDED BY SPLUNK INC. ("SPLUNK") FREE OF CHARGE AND ANY AND ALL UPDATES, UPGRADES, AND MODIFICATIONS THERETO ("FREE SOFTWARE"). SPLUNK SOFTWARE PURCHASED THROUGH SPLUNK'S ONLINE STORE OR OTHER CHANNELS ("PURCHASED SOFTWARE") WILL BE SUBJECT TO APPLICABLE TERMS IN THIS AGREEMENT AND TO THE "ADDITIONAL TERMS FOR PURCHASED SOFTWARE" PROVIDED BY SPLUNK. THE FREE SOFTWARE AND PURCHASED SOFTWARE ARE REFERRED TO COLLECTIVELY AS THE "SOFTWARE". BY CLICKING ON THE "YES" BUTTON, DOWNLOADING OR INSTALLING THE SOFTWARE, OR USING ANY MEDIA THAT CONTAINS THE SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT.

"Splunk Developer API" means the documentation and functionality enabling the creation of extensions to the Software. "Example Modules" means the source code and binary form of examples that use the Splunk Developer API.

FREE SOFTWARE LICENSE AND RESTRICTIONS. Subject to the terms and conditions of this Agreement, Splunk grants to you a non-exclusive, worldwide, copyright license to use, copy, and distribute the Free Software in binary form only and only to index no more than 500MB of peak daily volume of uncompressed data (the 'Maximum Peak Daily Volume'). The Free Software will be configured to display warnings, reduce available functionality, and/or cease indexing data when the Maximum Peak Daily Volume is reached. Splunk further grants to you a non-exclusive, worldwide, copyright license to use the Splunk Developer API and Example Modules included with the Free Software to develop extensions for the Free Software by adding your own source code and recompiling (collectively, "Your Extensions"). You agree to assume full responsibility for the performance of the Free Software modified in this way, and shall indemnify, hold harmless, and defend Splunk (including all of its officers, employees, directors, subsidiaries, representatives, affiliates and agents) and Splunk's suppliers from and against any claims or lawsuits, including attorney's fees and expenses, that arise or result from your distribution of the Free Software and/or Your Extensions pursuant to this Agreement. You retain title to and copyright for Your Extensions, subject to Splunk's title to and copyright for the Free Software, the Splunk Developer API, and the Example Modules as specified in Ownership, below. You agree that you will include this Agreement with any copy of the Free Software made or distributed by you, and that you will not charge any fee or receive any other consideration in exchange for any distribution of or rights to use Your Extensions. If you want to make any commercial use of Your Extensions you must first enter into a separate agreement with Splunk for such purpose.
You shall not (i) decompile, disassemble or reverse engineer the Free Software without the express written authorization of Splunk; (ii) modify, adapt, or create derivative works of the Free Software, except to create Your Extensions in accordance with this Agreement; (iii) rent, lease, loan, or resell the Free Software, the Splunk Developer API, Example Modules, or Your Extensions (including but not limited to offering the functionality of the Free Software on an applications service provider or time sharing basis); or (iv) authorize any third parties to do any of the above.

LIMITATION OF LIABILITY. IN NO EVENT WILL SPLUNK BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY DAMAGES OF ANY KIND, INCLUDING, WITHOUT LIMITATION, DIRECT, SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING LOSS OF USE, DATA, OR PROFITS, BUSINESS INTERRUPTION, OR COSTS OF PROCURING SUBSTITUTE SOFTWARE) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OR PERFORMANCE OF THE FREE SOFTWARE, WHETHER SUCH LIABILITY ARISES FROM CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT SPLUNK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THESE LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY REMEDY IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

EXPORT. You agree to comply fully with all relevant export laws and regulations of the United States ("Export Laws") to ensure that the Software is not (i) exported or re-exported directly or indirectly in violation of Export Laws; or (ii) intended to be used for any purposes prohibited by the Export Laws, including but not limited to nuclear, chemical, or biological weapons proliferation.

GENERAL. This Agreement shall be governed by and construed in accordance with the laws of the State of California, without giving effect to the principles of conflict of law. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California and the parties hereby consent to personal jurisdiction and venue therein. Neither party may assign this Agreement, in whole or in part, except in connection with an internal reorganization or a sale of the business with which this Agreement is associated without Splunk's prior written consent, and any attempt to assign this Agreement other than as permitted above will be null and void. This Agreement is intended for the sole and exclusive benefit of the parties and is not intended to benefit any third party. This Agreement constitutes the complete and exclusive understanding and agreement between the parties regarding its subject matter and supersedes all prior or contemporaneous agreements or understandings, written or oral, relating to its subject matter. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by duly authorized representatives of both parties. Should any term(s) or condition(s) of this Agreement be held to be invalid or unenforceable by a court of competent jurisdiction, the remaining terms and conditions of this Agreement will remain in full force and effect.

Do you agree with this license? [y/n]: y

Copying '/opt/splunk/etc/myinstall/splunkd.xml.default' to '/opt/splunk/etc/myinstall/splunkd.xml'.
Copying '/opt/splunk/etc/modules/distributedSearch/config.xml.default' to '/opt/splunk/etc/modules/distributedSearch/config.xml'.

Checking prerequisites...

Checking http port [8000]: open

Checking mgmt port [8089]: open

Verifying configuration.

This may take a while...

Finished verifying configuration.

Checking index directory...

Verifying databases...

Verified databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, metaevents, sampledata, splunklogger

Starting splunkweb...

/opt/splunk/share/splunk/certs does not exist.

Will create

Generating certs for splunkweb server

Generating a 1024 bit RSA private key.............

++++++........................................................++++++

writing new private key to 'privkeySecure.pem'

-----
Signature ok
subject=/CN=otterpop/O=SplunkUser
Getting CA Private Key
writing RSA key

The Splunk web interface is at http://otterpop:8000

If you get stuck, we're here to help.  Feel free to email us at 'support@splunk.com'.

The system this was installed on is a Pentium III 650MHz system with half a gig of ram and a puny 30GB hard drive.  Even on hardware like that, with splunk, apache2, postfix, syslog-ng and a few other processes, the load almost never gets above 0.1.  I'm assuming that you'd need more horsepower than this for a whole enterprise, but you can try out their software on a throwaway PC. 

And if you get the reference in the name of this article, you are a bigger Simpsons fan than I am.  Consider yourself embiggened.

April 16, 2008

Movin' on up

Several weeks ago my wife and I had a discussion about the speed of our DSL connection.  For the last five years our connection has been humming along and working just fine.  Originally we chose an internet provider called DSLExtreme due to their fairly low cost for a circuit with dedicated IPs (at the time it was $30 USD cheaper than AT&T/SBC's monthly "business" DSL).  When I went to our provider's website I was blown away to find out that by upgrading to 6Mbps/768kbps and keeping static IPs, we'd actually save about $12 USD a month.

Clicking on the upgrade button on the provider's online service center was easy enough, but it ended up being a bit more trouble than I expected.  When the DSL provider turned on the juice yesterday morning our service started becoming very unstable.   The traffic that the DSL modem was providing to my firewall was actually causing it to freeze up.  After seven or eight full power cycles, my wife was pretty done with being civil.  I came home from work with a mission.  The first thing that I did was replace the DSL modem with something newer.  The Westel Speedstream DSL modem that I was using had been a workhorse for over 8 years, with this being the third location that it was used at.  The beige plastic case had changed color over the years to an unsightly urine hue.  With the modem replaced with a newer spare Netopia model, things were running much better.  The connection would still drop when traffic was heavy, so I bit the bullet and ran new CAT6 to the network box on the side of the house.  I know this sounds like overkill, but it was my silver bullet.  The existing cabling must have been sufficient for a 1.5Mbps connection, but not good enough for the 6.0Mbps link. 

To test out speed, I'm a big fan of the BroadBand Reports tools.  The flash based speed tester has a nice graphical report and has pretty consistent results.   

Our service before: 

Our Service after:


 

Status:

 

 

I've really liked my DSL provider DSLExtreme over the years.  They keep you up to date on system issues (upgrades/outages/etc.) and they generally just work.  The only time I had to contact them directly was back in 2006 when they had some BGP routing issues with one of their peers that was screwing up my wife's VPN traffic, but other than that they just work.  The icing on the cake with them is that they don't use any annoying PPPoE, just regular bridged Ethernet (RFC 1483) connectivity to make access a snap.

This is a direct quote from my wife: "You put off other home repairs forever, but god forbid we lose our internet connection and you fix it right away."  Hey, one has to have priorities.   Hopefully I won't have to go through all this trouble again when I get 24Mbps ADSL2+ rolled out in our area.

Update:

I needed some new Linux distros, so I downloaded Azureus and fired up some torrents.  The download throughput is right up against the limit!  Huzzah.

Azureus download/upload 

Coffee Overload

Recently my wife purchased a Nespresso espresso machine for the house.  I was leery at first, but I am totally sold on it these days, due to the low cost and how clean the thing is.  The only downside is that you have to buy coffee in these little pod containers that are the size of a normal half and half container, but made of plastic and foil.  While these things are proprietary, it isn't going to last forever (or at least at the rate my special monkey goes through the caffeine), so I'm not too worried about being trapped into a standard.  I guess I'll never be a coffee purist, just a practical caffeine enthusiast. 

 

What got me thinking about the sweet dark elixir was this article in GizMag. OMG, a walk-in coffee machine!  That's almost like relaxing inside the udder of a cow waiting for some milk, in a less creepy way. 

 

 

April 14, 2008

Another great Anti-Malware resource

SRI International has made their Malware Threat Center available to the general public.  This site contains constantly updated information about the status of attacking hosts and botnet clusters.  They provide information on what the best signatures for IDS systems are, as well as pre-built router commands to block infected hosts from contacting your systems.  This site is definitely worth a look.

 

Link: http://mtc.sri.com/

April 11, 2008

Choose your advertisers wisely

I was online tonight and ran across a link to the winner of the Miss USA 2008 pageant.  I don't usually track these events, but due to the recent follies, I thought I'd check out the link.

 

What I found was somewhat amusing.  The lesson here is that you need to choose your advertisers wisely....  LOL


 

April 08, 2008

Sleeping.. KTNXBYE

JD Sleeping

(note: this does NOT get old) 

Label your media!

If you work with sensitive data and your facility allows removable media such as thumb drives, you might want to look into these units.  At Ease has a selection of appropriately colored USB thumb drives that are labelled properly for the data that is contained within.  It makes a user think twice before leaving a secure space with sensitive info.  While this doesn't afford you any specialized data encryption, it does lead to higher awareness for the user.

Secure Thumbdrive 

 


April 07, 2008

Digital TV Deadline

$40 Rebate Cards - Yay FCC 

With the FCC switchover set to go February 17, 2009, I figured I should check out how the unwashed masses will be getting their television signals.  I've been using either cable TV or a form of satellite TV for the last 20 years or so.  The TV I have sitting in my garage still runs on a rabbit ear antenna setup, so I registered on the FCC DTV Voucher site for a $40 USD off coupon for a set top box.  When I received the coupons, I did the search online for vendors, only to find that it would be cheaper just to go down to a neighborhood Wal-Mart and pick up the box.  The following is an account of what I think...

Update 4/14/2008 - The SF Chronicle has done a nice review of the same boxes, as well as several more.  It is worth taking a look if you are having a hard time making a decision.

Link: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/04/14/BUV11045KT.DTL 

I purchased two units at a local Wal-Mart:

  • RCA DTA800
  • Magnavox TB100MW9

I got sidetracked for a while, but the week after I purchased these boxes, I opened them up and gave them a test drive.  Being that I don't normally watch over the air TV, I don't have a real rooftop TV antenna, so I used a mismatched Arrow 2M/70CM J-pole amateur radio antenna to do the reception.  This is a far from optimum receiving setup.

The first unit tested was the RCA DTA800 unit.  Without reading the manual it was up and running in about 10 minutes.  After the channel scan, everything was pretty much plug and play.  The box was able to receive 7 stations with mild pixelization of some stations in San Jose, about 25 miles to the south with severe multipath from the hills above Fremont.  Overall the box was pretty slick, with key features such as channel-changing controls on the box and a faux-satellite signal strength meter for aiming the antenna.

The second unit tested was the Magnavox TB100MW9.  Without reading the manual, getting the box to power on took a few minutes, as there is a sneaky little hard power switch on the unit.  Overall this unit was amazing with a great setup wizard and better receive quality (10 Channels on this one and less pixelization on the fringe stations).  Don't lose the remote on this one, or you'll never change the channel again!  

 

In a nutshell, you can't beat the subsidized price of about $9 USD for either of these.  While the Magnavox seems to be superior in signal quality, the RCA unit is incredibly small, has an easier to use remote and buttons on the front of the unit.  Either of these would be a great pick to take your nasty looking old wooden console Sony Trinitron into the next millennium.  Make sure to use your TV converter box coupons before they expire in May 2008!

April 06, 2008

R.I.P. Chuck Heston

Some may remember Charlton Heston as Moses, Ben-Hur or as a crazy gun lover.

 
In my eyes he will always be a protector of the human spirit.  For me, I will always remember him as George Taylor, Astronaut.

 

There were never more fitting words:

"I hate every ape I see
From chimpan-a to chimpan-zee
No, you'll never make a monkey out of me

Oh my God, I was wrong
It was Earth all along"

Rest In Peace, Chuck.  

Yahoo News Story Here.

April 03, 2008

Purloined WiFi

Open WiFi connections abound in any major metropolitan area these days.  Recently there have been several articles in regards to local laws regulating the "stealing" of WiFi from unsuspecting neighbors.  While local municipalities can make laws in regards to this, here are the problems that I have with these statutes.  First of all, the locality does not have the authority to make regulations in regards to the transmission of wireless signals; that is left to the Federal Communications Commission (look it up, it has been that way since the Communications Act of 1934).  Wi-Fi falls under Title 47 CFR Part 15, which designates it as an unlicensed service.  Since the wireless link itself has no "real estate" or exclusive license for the spectrum, you would need to prove that:

  1. There was due diligence to lock down the access point with WEP/WPA or some sort of encryption or access control.
  2. There was a theft of services (i.e. bandwidth caps were exceeded, customer charged for overage)
  3. Or there was a denial of service (i.e. user could not access the bandwidth that was paid for)
  4. Or there was malicious and/or nefarious network activity going on (i.e. surfing kiddie porn from the SUV or running a spam server on your internet connection)

The municipality that tried to prosecute someone in their car surfing WiFi would have an easier time accusing the suspect of some sort of physical trespassing or loitering.  Beyond this, unless the accused was stupid enough to say "hey, I'm stealing that signal", the municipality has no probable cause to search the computer or to detain you.  Who is to say that your proximity to a WiFi source isn't a coincidence and you are just surfing the web through a 3G cellular connection?

Here is an analogy:

If you ran an extension cord to your front lawn and connected a landline phone, then a passerby used that phone to make a call to a local number or toll-free long distance, are they committing a crime?  You have made your connection accessible and they have not incurred any costs associated to your account.  Who then is to blame?

 



 

 

 

 

Time has an interesting article about the subject: http://www.time.com/time/magazine/article/0,9171,1813969,00.html