noel alanguilan

- with adobe and apple trading jabs maybe its time for adobe to consider porting their products, namely photoshop and indesign, to linux instead of suing the fruit. i think that would be more rewarding and satisfying in the long run.

- wordpress 3.0 has been released. matt said, “3.0 is faster, stabler, and more secure” and it looks like its faster and the interface is cleaner. the next few days will certainly be a bit busier. so far it certainly looks interesting enough. i’m particularly intrigued by the new multisite feature.

- google embeds a pdf reader into chrome. so far, its only available in the 6.x beta versions of chrome.

- open source lessons from the porn industry. the article shows how the industry maximizes the use information technology. don’t worry the article is rated g so its safe for work.

- dell said linux is safer than windows then a few days after it says its not. which one is it, dell? well, i know my answer. just take a peek at this picture and see for yourself.

[sarcasm on]
this has got to be one of the more helpful error messages that i’ve gotted from yahoo mail.
[sarcasm off]

chrome—google’s web browser feels fast, yes. the linux version just came out a couple of weeks ago and its only now that i was able to sprinkle my impressions about it on this blog.

i found the interface uncluttered giving a little more screen space for web pages. it passed both the acid2 and acid3 (100/100) tests which is very good for my web development work.

what doesn’t work for me so far, is that i can’t preview my posts in a mailing list i manage in yahoo groups. clicking on the preview button just gives me, essentially,  a blank page. not good. but i do realize that this may not be a chrome problem but using firefox and opera works. also some add-ons in that i use in firefox is not yet available or only has the ‘lite’ version in chrome. i use noscript in firefox but there is no equivalent in chrome.

what does work for me is the way the interface comes out as uncluttered and that i get some extra screen space. importing settings and bookmarks from firefox was a breeze. it even imported the passwords i use in the sites i visit. and of course i like the speed.

so far its been good to me. there are minor quirks for the week that i have been using it but it’s nothing major. i’m thinking of what mozilla might be bringing to the table next.

i got this e-mail, shown at the left, supposedly from the admin of our mail server telling me that the administrator have prevented access to my account. it sounds entirely stupid from my point of view since i am the administrator of our mail server.

so i automatically labelled the mail as malware considering that there’s invitation to open the attached file and to follow the instructions within—classic malware tactic. if this thing was legit then why didn’t they just put the instructions in plain sight which the user can read immediately. and don’t get me started on the spelling errors and grammar of the email.

please don’t try the following kids. out of curiosity, i decided to download the attached file and open it up in my html editor. and what i got is shown in the image below. its a javascript program designed to guide your browser to some unknown server and plant bad stuff into your computer.

lessons for the day, please take emails like this with a grain of salt. personally confirm with your system administrator if it’s true or not and save yourself the hassle and don’t just click on any link you haven’t been introduced to.

- google’s chrome 5 is finally stable on linux (and mac). its not on beta anymore. yey. let’s see how this one holds up.

- 3 terabyte hard drive from seagate—that’s 3000 gigabytes. windows xp will only be able to access 2.1tb. the 64-bit version of windows 7 and vista and modded versions of linux can use the full 3tb though.

- this year’s summer solstice falls on june 21 at 1:16pm (philippine standard time).

- i didn’t know the pc is dead. no one told me. and google is ditching windows for something else. i think we’re getting ahead of ourselves. don’t forget that the current macs are essentially pcs (intel inside) with different clothing. and windows is no less relevant whether google stops using it or not. there’s the rest of the planet to consider.

- caffeine—google’s new search index goes live. its suppose to be 50% faster.

i use rsync to backup files within the local network and also through the internet. rsync, by default, does not encrypt the data it transmits so to backup files via the internet one has to encrypt the data or the port that the data travels in using another software. for this purpose i use ssh (secure shell) to create an encrypted “tunnel” between the transmitting and receiving computers.

the conventions i’ll be using: remote means the server where i will be copying files from and local means the server where i will be copying files to. local is also where the rsync backup script is located and initiated.

my assumptions are that both remote and local servers are running linux and both have rsync and openssh installed.

when initiating a backup run from the local server, the remote server would normally ask for a password. this is obviously not good especially when i need to schedule unattended backup runs at odd hours of the day (or night). so for the script not to ask a password i need to generate a public/private pair of keys on the local server to be used with ssh.

to generate a public/private key pair, log in to the console in the local server:

$ ssh-keygen -t dsa -b 2048 -f /home/localbackupuser/local-rsync-key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/localbackupuser/local-rsync-key.
Your public key has been saved in /home/localbackupuser/local-rsync-key.pub.
The key fingerprint is:
94:87:e5:c3:d0:06:e4:09:3a:76:a2:d2:d7:9b:2e:cc localbackupuser@local

so now we have keys to use to authenticate between the local and remote servers. we now have to copy the contents of the local-rsync-key.pub into the authorized_keys file of the remote server (/home/remoteuser/.ssh/authorized_keys)

i would normally mount the remote server’s drive using sshfs (secure shell filesystem) and edit the authorized_keys file as if it was in my workstation. another way to do this is via a remote console.

for added security, you can limit the computer(s) connecting to the remote server by specifying the ip address of the local server along with the contents of the public key generated above (details here). this would be very useful if the ip address of the local server doesn’t change. unfortunately mine does.

next step is to test the backup script on the local server via ssh. if the backup script starts syncing with the remote server then all that is left to do is add and entry in crontab to automatically start the backup at the time you specify.

links:
using rsync and ssh
sshfs

i’ve been receiving a lot of these emails of late. they’re scams in my view. the first one came from the “facebook team” saying that i have to “submit a new, updated account agreement” and that i should “unzip the attached file and run the agreement.exe by double-clicking it.” the other is supposedly from the “microsoft team” providing a system scanner to check and get rid of the conficker.b virus in your computer. these are email scams to get a user to run the attachment which is actually a virus. so when you receive them just delete them.

below are samples of the scams i received. i’ll likely post an excerpt any new emails that i think are scams.

from the “facebook team”:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement,
regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,
The Facebook Team

from the “microsoft team”:

Dear Microsoft Customer,

Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly.
Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program.
We are supplying all effected Windows Users with a free system scan in order to clean any
files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent
your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

watch out. these are scams. do not fall for them.

here’s the script i use on secure backup runs using rsync—with a little modification to the names and ip addresses for security reasons—but everything else is essentially the same. i have to run this through cron because the server is headless—no monitor. i just access it via the ssh console or browser from another computer.

#!/bin/sh

DATETMP=`date +%Y.%m.%d`
RSYNC=/usr/bin/rsync
SSH=/usr/bin/ssh
# the private ssh key of the local computer
KEY=/rsyncuser/.ssh/id_local
RHOST=remote.ip.addr.ess
RPATH=/remotedata/
LPATH=/localdata/
LOGFILE=/rsyncuser/rlog.$DATETMP.log
# contains the file extensions of files to be excluded from the backup
EXCLUDES=/rsyncuser/localexcludes
OPTS="--exclude-from=$EXCLUDES"

# check if rsync is already running
RUN=`ps x | grep rsync | grep -v grep | wc -l`
if [ "$RUN" -gt 0 ]; then
echo rsync already running
exit 1
fi

$RSYNC -avz -e "$SSH -i $KEY" $OPTS $RHOST:$RPATH $LPATH >> $LOGFILE

i leave an entry in crontab to run the script once each day. sometimes a backup run goes longer than 24 hours so i needed to check if rsync is already running in the server. if the script doesn’t check, it will run another instance of the script and would slow down the server or, worse, brings it down completely.

i have to encrypt all data that gets transferred between the two computers via ssh just in case a naughty third party is “listening in”. i use 2048-bit encryption. processing the data—encrypt at remote; decrypt at local—is a little slower but i am more confident that the data will be safe from eavesdroppers.

i use the exclude-from option to exclude files that shouldn’t be backed up—music and movies—or else the backup will take too long especially on just a dsl line.

if you notice anything wrong with the script, please leave a comment.

note: this is repost from my old blog.