malware: account notice

Friday, 11 June 2010 11:49 am by noel
posted in tech

i got this e-mail, shown at the left, supposedly from the admin of our mail server telling me that the administrator has prevented access to my account. it sounds entirely stupid from my point of view since i am the administrator of our mail server.

so i automatically labelled the mail as malware considering that there’s an invitation to open the attached file and to follow the instructions within—classic malware tactic. if this thing was legit then why didn’t they just put the instructions in plain sight which the user can read immediately? and don’t get me started on the spelling errors and grammar of the email.

please don’t try the following, kids. out of curiosity, i decided to download the attached file and open it up in my html editor. and what i got is shown in the image below. it’s a javascript program designed to guide your browser to some unknown server and plant bad stuff into your computer.

lessons for the day, please take emails like this with a grain of salt. personally confirm with your system administrator if it’s true or not and save yourself the hassle and don’t just click on any link you haven’t been introduced to.


interesting things 2010.06.09

Wednesday, 9 June 2010 6:49 pm by noel
posted in tech

- google’s chrome 5 is finally stable on linux (and mac). it’s not on beta anymore. yey. let’s see how this one holds up.

- 3 terabyte hard drive from seagate—that’s 3000 gigabytes. windows xp will only be able to access 2.1tb. the 64-bit version of windows 7 and vista and modded versions of linux can use the full 3tb though.

- this year’s summer solstice falls on june 21 at 1:16pm (philippine standard time).

- i didn’t know the pc is dead. no one told me. and google is ditching windows for something else. i think we’re getting ahead of ourselves. don’t forget that the current macs are essentially pcs (intel inside) with different clothing. and windows is no less relevant whether google stops using it or not. there’s the rest of the planet to consider.

- caffeine—google’s new search index goes live. it’s supposed to be 50% faster.


keeper of the lake

Wednesday, 2 June 2010 9:33 pm by noel
posted in mine, my photos, people, places

he pauses and stops to look at his day’s handiwork and at the lake he loves.

“you are clean again,” he whispers to himself.

he breathes the lake’s fresh breath and affords himself a faint smile as if he was just kissed.

with a sack full of twigs, leaves and litter on his back he takes his leave of the lake and trudges off toward his hut not more than a stone’s throw away from shore.

as he prepares the night’s meal he thinks of tomorrow and he happily smiles to himself.

he will take the paths around the lake again picking up twigs, leaves and litter as he goes. he will whistle the lake’s favorite notes and tell her the stories again.

for now, it’s rest and sleep beside his beloved lake.


two days

Thursday, 27 May 2010 12:20 pm by noel
posted in mine, nothing

the past two days… and not necessarily in this order.

38° yesterday (i heard). i think we were watching …

shrek 4 at the time. fortunately.

enrolled robin in high school. and it was just last week that we enrolled him in grade school. sigh.

took a ‘walk’ along king street in toronto. interesting. not too many people on the streets. or maybe it’s the wrong/right time of the day. i really have to try tim horton’s coffee once.

adopted a kitten and named her/him ‘wasabi’. thanks guys. we saw it on the street. eyes still closed. screaming at the top of its tiny lungs, “meow! meow!” what can we do?

found out that aang, the last airbender is not really asian. bummer.

finished with ‘light’ penetration testing.

started learning a bit of hungarian. no plans of going to budapest. yet.

woke up to the sisters of mercy (the band). i wonder what it will do to my psyche today.

been thinking more about grass. not cannabis.

heard that a good friend of mine is finally ‘free’. congratulations dude!


been practicing

Tuesday, 11 May 2010 6:18 pm by noel
posted in cycling, mine, my photos

my practice rides have been becoming regular lately—almost every other day for about 30 minutes. getting back on a bike is one of my targets for this year.

i had to temporarily change to a mountain bike because i can lower the seat so that my feet easily reach the ground. and i’ve replaced the knobbies with commuting slicks so the ride is much, much smoother on pavement.

it was a slow process but i wanted to get my body used to balancing a bike properly again and i wanted to improve the reaction time of my legs to keep me upright when i need to stop quickly. i feel i am making very good progress and i can finally see myself doing longer rides. yey!

today i made 1 kilometer. that is not much by my normal standards but from where i’m coming from, this kilometer is far enough from my 100- or 300-meter practice runs.

i know i can go farther. one kilometer will become two then that will become four. i’ll get there.


akatsuki no kuruma

Saturday, 17 April 2010 11:05 am by noel
posted in nothing

http://youtube.com/watch?v=cYo4XvAyK9k

Akatsuki no Kuruma
fictionjunction yuuka
The Wheel of Dawn

Original / Romaji Lyrics English Translation

Kazesasou kokage ni utsubusete naiteru
Mi mo shiranu watashi wo watashi ga miteita
Yuku hito no shirabe wo kanaderu GITAARA
Konu hito no nageki ni hoshi ha ochite

Shaded by the trees, calling out to the wind, I’m lying face-down crying
I saw a version of myself I didn’t even recognize
On this guitar I’m playing the melody of someone who’s passed on
A star falls in the grief of someone who’ll never be seen again

Yukanaide, donna ni sakende mo
ORENJI no hanabira shizuka ni yureru dake
Yawarakana hitai ni nokosareta
Te no hira no kioku haruka
Tokoshie no sayonara tsuma hiku

Please don’t go, no matter how much you scream,
all it will do is quietly stir these orange petals
Saved on my soft brow,
I send the memories in my palm far away
An eternal farewell as I keep strumming

Yasashii te ni sugaru kodomo no kokoro wo
Moesakaru kuruma ha furiharai susumu
Yuku hito no nageki wo kanadete GITAARA
Mune no ito hageshiku kakinarashite

The heart of a child clinging to a gentle hand
The blazing wheels cast it off and continue on
On this guitar I’m playing the grief of someone who’s passed on
The strings in my heart being plucked at violently

Aa kanashimi ni somaranai shirosa de
ORENJI no hanabira yureteta natsu no kage ni
Yawarakana hitai wo nakushite mo
Akaku someta suna haruka koete yuku
Sayonara no RIZUMU

In the pure white unstained by sorrow,
the orange petals stirred in a summer shadow
Even if my soft brow is lost,
I’ll cross over the far off, red-stained sand
The rhythm of farewell

Omoide wo yakitsukushite susumu daichi ni
Natsukashiku me fuite yuku mono ga aru no

Branded into my memories, on the ever-turning earth,
there is something sprouting in remembrance

Akatsuki no kuruma wo miokutte
ORENJI no hanabira yureteru ima mo dokoka
Itsuka mita yasurakana yoake wo
Mou ichido te ni suru made
Kesanaide tomoshibi
Kuruma ha mawaru yo

Sending off the dawn’s carriage
Those orange petals are stirring somewhere even now
The peaceful daybreak I once saw
Until it is placed in my hands once more,
please don’t let the light go out
The wheels are turning

(thanks to bong e. for providing the lyrics)


yosi

Thursday, 15 April 2010 9:15 am by noel
posted in mine

sindoyosi
san miguel, manila

part of the lost rolls

i used to smoke. i stopped two years ago today. i stopped cold turkey—i just didn’t smoke anymore. it wasn’t such a hard choice to make but it was a little late when i made that choice. it took me two years to regain most of what i lost and i have not fully recovered yet.

some say i was very lucky and that i got off easy. true. some life lessons are difficult and only learned after the avoidable mistake.

i used to smoke. i used to miss it but not anymore. it’s not worth missing.


ssh and rsync

Monday, 29 March 2010 7:42 am by noel
posted in tech

i use rsync to back up files within the local network and also through the internet. rsync, by default, does not encrypt the data it transmits, so to back up files via the internet one has to encrypt the data, or the channel the data travels over, using other software. for this purpose i use ssh (secure shell) to create an encrypted “tunnel” between the transmitting and receiving computers.

the conventions i’ll be using: remote means the server where i will be copying files from and local means the server where i will be copying files to. local is also where the rsync backup script is located and initiated.

my assumptions are that both remote and local servers are running linux and both have rsync and openssh installed.

when initiating a backup run from the local server, the remote server would normally ask for a password. this is obviously not good, especially when i need to schedule unattended backup runs at odd hours of the day (or night). so for the script not to ask for a password i need to generate a public/private pair of keys on the local server to be used with ssh.

to generate a public/private key pair, log in to the console in the local server:

$ ssh-keygen -t dsa -b 2048 -f /home/localbackupuser/local-rsync-key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/localbackupuser/local-rsync-key.
Your public key has been saved in /home/localbackupuser/local-rsync-key.pub.
The key fingerprint is:
94:87:e5:c3:d0:06:e4:09:3a:76:a2:d2:d7:9b:2e:cc localbackupuser@local

so now we have keys to use to authenticate between the local and remote servers. we now have to copy the contents of local-rsync-key.pub into the authorized_keys file of the remote server (/home/remoteuser/.ssh/authorized_keys).

i would normally mount the remote server’s drive using sshfs (secure shell filesystem) and edit the authorized_keys file as if it was in my workstation. another way to do this is via a remote console.

for added security, you can limit the computer(s) connecting to the remote server by specifying the ip address of the local server along with the contents of the public key generated above (details here). this would be very useful if the ip address of the local server doesn’t change. unfortunately mine does.
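one way to write the ip restriction described above, as an added example that is not part of the original post: the from= option goes in front of the key in authorized_keys, and the no-* options go a step beyond what the post covers. the address, the key material and the function names are constructed for this example.

```shell
#!/bin/sh
# added example (not from the original post): pin a backup key to one source
# address in authorized_keys, then list keys that carry no from= restriction.
# 203.0.113.10 and the key material are constructed samples.

# print an authorized_keys entry that accepts the key only from address $1.
# $2 is the one-line public key, i.e. the contents of local-rsync-key.pub.
# the no-* options additionally switch off terminals and forwarding.
restricted_entry() {
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$1" "$2"
}

# print the line numbers of key entries in file $1 that lack a from= option.
# options sit before the key type and may contain spaces inside quotes, so
# the key type is located first and everything before it is taken as options.
keys_without_from() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = " " $0
            if (!match(line, /[ \t](ssh-|ecdsa-|sk-)[^ \t]*[ \t]+AAAA/)) next
            opts = substr(line, 1, RSTART - 1)
            gsub(/[ \t]/, "", opts)
            if (("," opts) !~ /,from="/) print NR
        }
    ' "$1"
}

# demo on a constructed key
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal localbackupuser@local'
restricted_entry 203.0.113.10 "$SAMPLE_KEY"
```

run keys_without_from against /home/remoteuser/.ssh/authorized_keys on the remote server to see which keys would still be accepted from any address.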

next step is to test the backup script on the local server via ssh. if the backup script starts syncing with the remote server then all that is left to do is add an entry in crontab to automatically start the backup at the time you specify.

links:
using rsync and ssh
sshfs


email scams

Wednesday, 24 February 2010 11:08 pm by noel
posted in tech

i’ve been receiving a lot of these emails of late. they’re scams in my view. the first one came from the “facebook team” saying that i have to “submit a new, updated account agreement” and that i should “unzip the attached file and run the agreement.exe by double-clicking it.” the other is supposedly from the “microsoft team” providing a system scanner to check and get rid of the conficker.b virus in your computer. these are email scams to get a user to run the attachment which is actually a virus. so when you receive them just delete them.

below are samples of the scams i received. i’ll likely post an excerpt of any new emails that i think are scams.

from the “facebook team”:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement,
regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,
The Facebook Team

from the “microsoft team”:

Dear Microsoft Customer,

Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly.
Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program.
We are supplying all effected Windows Users with a free system scan in order to clean any
files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent
your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

watch out. these are scams. do not fall for them.


scripting rsync

Tuesday, 9 February 2010 6:45 am by noel
posted in tech

here’s the script i use on secure backup runs using rsync—with a little modification to the names and ip addresses for security reasons—but everything else is essentially the same. i have to run this through cron because the server is headless—no monitor. i just access it via the ssh console or browser from another computer.

#!/bin/sh

DATETMP=`date +%Y.%m.%d`
RSYNC=/usr/bin/rsync
SSH=/usr/bin/ssh
# the private ssh key of the local computer
KEY=/rsyncuser/.ssh/id_local
RHOST=remote.ip.addr.ess
RPATH=/remotedata/
LPATH=/localdata/
LOGFILE=/rsyncuser/rlog.$DATETMP.log
# contains the file extensions of files to be excluded from the backup
EXCLUDES=/rsyncuser/localexcludes
OPTS="--exclude-from=$EXCLUDES"

# check if rsync is already running
RUN=`ps x | grep rsync | grep -v grep | wc -l`
if [ "$RUN" -gt 0 ]; then
    echo rsync already running
    exit 1
fi

$RSYNC -avz -e "$SSH -i $KEY" $OPTS $RHOST:$RPATH $LPATH >> $LOGFILE

i leave an entry in crontab to run the script once each day. sometimes a backup run goes longer than 24 hours so i needed to check if rsync is already running in the server. if the script doesn’t check, it will run another instance of the script and would slow down the server or, worse, bring it down completely.
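another way to do the "already running" check, as an added example that is not part of the original script: a lock directory instead of grepping the ps output, so that an unrelated rsync process is not mistaken for the backup and two cron runs cannot both start. the LOCKDIR path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# added example (not from the original script): lock directory for the
# cron-driven backup. mkdir is atomic, so only one run can create it.
# LOCKDIR is an assumed path next to the script's other /rsyncuser files.
LOCKDIR=${LOCKDIR:-/rsyncuser/rsync-backup.lock}

# return 0 if the lock was taken, 1 if a live run still holds it.
acquire_lock() {
    if mkdir "$LOCKDIR" 2>/dev/null; then
        echo $$ > "$LOCKDIR/pid"
        return 0
    fi
    # lock exists: reclaim it only if the recorded process has exited.
    # a lock with no pid file yet is treated as held (the owner may be
    # between mkdir and writing its pid).
    oldpid=$(cat "$LOCKDIR/pid" 2>/dev/null)
    if [ -z "$oldpid" ] || kill -0 "$oldpid" 2>/dev/null; then
        return 1
    fi
    # stale lock left behind by a crashed or killed run
    rm -rf "$LOCKDIR"
    mkdir "$LOCKDIR" 2>/dev/null || return 1
    echo $$ > "$LOCKDIR/pid"
    return 0
}

release_lock() {
    rm -rf "$LOCKDIR"
}

# how it would replace the ps/grep block in the backup script:
#   acquire_lock || { echo backup already running; exit 1; }
#   trap release_lock EXIT
#   $RSYNC -avz -e "$SSH -i $KEY" $OPTS $RHOST:$RPATH $LPATH >> $LOGFILE
```

kill -0 only tells whether some process with that pid exists for this user, so a recycled pid can make a stale lock look live until it is removed by hand.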

i have to encrypt all data that gets transferred between the two computers via ssh just in case a naughty third party is “listening in”. i use 2048-bit encryption. processing the data—encrypt at remote; decrypt at local—is a little slower but i am more confident that the data will be safe from eavesdroppers.

i use the exclude-from option to exclude files that shouldn’t be backed up—music and movies—or else the backup will take too long especially on just a dsl line.

if you notice anything wrong with the script, please leave a comment.

note: this is a repost from my old blog.
