IT Administrators

To my dismay today, I ran into a problem with Firefox 3 Beta 5 on Hardy Heron.  Apparently, Mozilla has decided to put the screws to people who sign their own certificates or use certs not issued by their own domain by creating a four step process to bypass the error message.  Here is an explanation: http://wiki.mozilla.org/Security:SSLErrorPages

I was attempting to access an APC UPS inside my company’s network (translated If I am subjected to a man-in-the-middle attack, it is no one’s problem but mine and my department’s.)  APC signed the cetrificate and I was accessing it by IP address inside my network.

So, explain this one to me Mozilla… Is APC supposed to drop their encryption on their UPS systems or do they just have to pay their employees to rewrite the code so I can go out and buy a certificate for this device?  Do I have to register this with my internal dns so it’s easy to remember the way back to it and the students where I work can memorize it’s name?

Perhaps this needs to be removed out of the final version of Firefox 3 and you can write an extension that makes everything break!

This one was driving me nuts and I finally found a solution. For several weeks, Thunderbird has not been opening links I click on them. I found a solution here: http://ubuntuforums.org/showthread.php?t=502651

1. Open Thunderbird version 2.0.0.14
2. Go to the Edit menu
3. Click on Preferences
4. Click the Advanced tab
5. Click the Config Editor button.
6. An about:config window will open up.
7. In the Filter box, enter network.protocol-handler.app.http
8. If the editor is unable to locate it, create a new string and input network.protocol-handler.app.http.
9. Enter firefox for the string value.
10. Close out and restart Thunderbird.

Hyperlinks should now be available in your email!

I stumbled upon an amazing research tool toady while I was searching for a download management Firefox extension today.  Zotero is more than just a download tool.  It is a literary reasearch tool which allows you to track web citations, bookmarks, and the like from within the browser.  I would traditionally create a Bookmark folder and dump links into it until I fealt I had enough to write a post.  However, with Zotero, all my notes, bookmarks, and files from the web are stored inside a project file that my browser stores.  I cannot comment enough on the professionalism that went into this extension.    Unlike the usual extensions that do little tricks for you (downloading YouTube videos for example) this one is an actual productivity tool.  I hope this is a sign that more professionals are seriously moving to open source software development.

Zotero can be found at http://www.zotero.org/

I’ve added a GrandCentral button over on the right hand side to leave me a voicemail with any suggestions / complaints / praise you may have for the site. Also, please leave me a message if you are a sys admin interested in starting an IT podcast. It is completely up in the air what the schedule will be like, but I’m hoping to start off slow, maybe 12 episodes a year. Nothing too formal or stuffy. It will probably start out as a skype conversation and grow from there.

For several years, a dark cloud has hung over the US open source community. Mostly triggered by the “SCO v. Everybody cases”, this cloud is the fear that some manner of patent could bring down open source projects, such as the kernel itself.

Two days ago, Red Hat, the Electronic Frontier Foundation, the ACLU, the Free Software Foundation and several others have chimed in that it is time for patent reform by filing briefs in a case involving two guys trying to patent betting on the weather. I’m not a lawyer, so I’m not going to over-analyze this thing, but I will provide links to all the gory details.

http://www.press.redhat.com/2008/04/07/red-hat-asks-federal-court-to-limit-patents-on-software/

http://www.aclu.org/freespeech/gen/34783lgl20080403.html

http://www.eff.org/deeplinks/2008/04/bilski

http://www.law.berkeley.edu/samuelsonclinic/intellectual_property_0

http://www.groklaw.net/article.php?story=20080409033837121

I am testing the Hardy Heron beta right now. I’ll spare a recap of the features that everyone else is talking about and delve into a UI change that I noticed right away. Instead of having a million boxes all over your screen when you are deleting, copying , and moving files, there is one that stacks all your active Nautilus progress bars together. This is more than likely a feature of the new Gnome release, but being the geeky sysadmin that I am, it was the first shiny thing that caught my eye. I still haven’t tested Brasero, but I will try to over the weekend. K3B is really getting to be overkill even though it has been my favorite recording software for the past six years. I will post more results when I can.

For those not aware, Canonical now has a voting system setup for submitting your own ideas on how to improve Ubuntu, called Ubuntu Brainstorm. This is similar to the Dell IdeaStorm site that established Ubuntu as a distribution that Dell Computer needed to include purchase options for. Anyway, I have submitted an idea for community review and will include a link on the sidebar of this blog for your review.

My suggestion is providing a portal with tips, tricks, and directions for new and interested users. The idea may need some further documentation and thought, but I already have 64 votes as of this post. Feel free to check it out, and if you are at all interested, please consider voting for this idea.

Linc Fessenden from the Linux Link Tech Show mentioned OSSEC a few weeks ago and recommended everyone check it out. According to the project’s about page:

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here.

After testing it out on several of my machines, I can officially say it’s exactly what I was looking for in an IDS: something lightweight, cross-platform, and well documented. My setup involved installing it as a local instance on every machine, rather than the centralized config. Viewing the logs for every machine in one place doesn’t really appeal to me. I just need something that will nag me and say, “Hey, Dummy! You misconfigured that install you attempted at 3am. Fix it!” The added benefit of receiving the alerts offsite is that the existing records are stored in my Gmail. Even if someone did manage to root a computer, the logs wouldn’t be on the box and the creator of the kit wouldn’t be able to bury his/her tracks.

My hope is to test the centralized configuration in the future, but for the moment there is no benefit.

This is absolutely what I was looking for in intrusion detection. Go check OSSEC out when you get a chance.

I’ve been to this site before, but someone reminded me of it this morning. Aharef is a javascript that creates a graphical representation of a website. Is there any purpose to it? Of coursenot, it’s just cool.

http://www.aharef.info/static/htmlgraph/

Here’s what itadmins.org looks like:

I just wanted to post a few notes regarding my experiences with the SanDisk Sansa E260R. Today, I attempted to play a SecurityNow! podcast and, low and behold, the Sansa rebooted for absolutely no reason. I thought nothing of it. The stoplight had turned green and I switched over to XM instead. At the next light , I looked down at the seat and the Sansa was stuck in some kind of loop. The SanDisk logo would pop up, then the Rhapsody logo, then it would restart. I held down the power button and it turned off after about a minute.

This afternoon, Recovery mode worked (Hold Switch On, REC + Power) and I copied the latest firmware to it. After unmounting the drive, I disconnected it from the USB cable. To my astonishment, the same results occurred: still rebooting.

It was time to search Google. Everything pointed to the firmware. Someone even suggested loading the firmware 3 times to see if it would take. It was almost time to give up when I found a small post suggesting dropping a blank file called sansa.fmt onto the recovery partition. After an unmount, the Sansa Recovery Mode formatted the drive and it booted normally, minus all the content, of course. At least I didn’t loose the device!