End Open WiFi Access Points Now!

Posted by JD 11/06/2010 at 22:00

Open WiFi is convenient, but not secure. All of us need to help people and businesses providing Open WiFi understand the issues so they will stop providing it.

The real problem is that most people do not understand how insecure Open WiFi is. There’s a new Firefox extension that grabs the social-network session credentials of other people on the same open WiFi network. That extension works on Windows, Mac OS X, and soon, Linux. It is named FireSheep, anyone can get the FireSheep extension here, AND it is trivial to use. This extension lets a nearby cracker act as if they are you on the social websites. They can post to Twitter as you; they can update photos on Facebook. For all important uses, they ARE you, with just a click of a button.

The Fix – Easy

What is the fix? It is simple: just enable a trivial WPA passphrase on the WiFi access point. That’s it. This method lets all those small businesses prevent most of these hijacking attacks while still not really causing issues for their clients. For a simple example passphrase, Starbucks could use … er … “starbucks.” That would be enough to foil the FireSheep extension, because the traffic between each client and the access point is then encrypted instead of being readable by anyone within radio range.

Not Secure Enough for Home or Business WiFi Networks

Ok, so this fix is only for places that provide an open WiFi hotspot for clients; it definitely should not be used by any business for its private network or by any of us in our homes. For small businesses and homes, you really want to follow my WiFi Security Checklist.

The Best Fix

Another way to solve this issue – a better way – is for all websites with a login to use SSL encryption for everything, all data. No exceptions. Ten years ago, that would have been computationally unreasonable. These days, having everything SSL encrypted adds about 3% overhead to bandwidth and compute requirements. That isn’t a big deal for almost any website to handle. The newest CPUs from Intel include special instructions that make AES encryption/decryption even less computationally intensive – it is becoming a non-issue.

If you have a website that supports encryption, please force SSL connections. There are some very easy ways to do this without touching the website itself. Simply use a reverse proxy like pound to handle the SSL connections, then forward the requests to the back-end web servers. This web site, jdpfu, uses pound both to proxy SSL and to load-balance traffic across 3 server instances. Connections with logins stay on the same server instance, so there’s no session confusion between the different servers. All the web servers read and write the same DB instance. SSL connections are all handled in pound and the application doesn’t know anything about it.
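Once a proxy like pound sits in front of the site, the thing to verify is that the plain-HTTP side really only redirects and that the session cookie never goes out in the clear. The script below is an added example, not code from this blog or from pound: it parses two constructed HTTP responses (one from the port-80 listener, one from the port-443 listener) and reports whether HTTP redirects to https://, whether the HTTPS response sets a Strict-Transport-Security header (HSTS, the standard way to make browsers refuse plain HTTP afterwards, which the post does not mention), and which cookies lack the Secure attribute. The host name www.example.com and the cookie name session are made up for the sample.

```python
"""Audit whether a site forces SSL: added example, not from the original post.

The captured responses below are constructed samples, so this runs offline.
"""
import re
from typing import Dict, List, Tuple

REDIRECT_CODES = (301, 302, 307, 308)


def parse_response(raw: str) -> Tuple[int, List[Tuple[str, str]]]:
    """Split a raw HTTP response into (status_code, [(name, value), ...]).

    Header names are lower-cased; duplicates such as Set-Cookie are kept.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def insecure_cookies(headers: List[Tuple[str, str]]) -> List[str]:
    """Names of cookies set without the Secure attribute (browser may send them over HTTP)."""
    found = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        if "secure" not in [p.lower() for p in parts[1:]]:
            found.append(cookie_name)
    return found


def hsts_max_age(value: str) -> int:
    """Extract max-age from an HSTS header value; 0 if absent or malformed."""
    match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    return int(match.group(1)) if match else 0


def audit(http_raw: str, https_raw: str) -> Dict[str, object]:
    """Check the three properties a forced-SSL deployment should have."""
    http_status, http_headers = parse_response(http_raw)
    _, https_headers = parse_response(https_raw)
    location = dict(http_headers).get("location", "")
    hsts = dict(https_headers).get("strict-transport-security", "")
    return {
        "http_redirects_to_https": http_status in REDIRECT_CODES
        and location.lower().startswith("https://"),
        "hsts_present": bool(hsts),
        "hsts_max_age": hsts_max_age(hsts),
        # Cookies are checked on both listeners: a cookie set on port 80 is already exposed.
        "insecure_cookies": sorted(set(insecure_cookies(http_headers) + insecure_cookies(https_headers))),
    }


def passes(report: Dict[str, object]) -> bool:
    """True only when every check in the report is satisfied."""
    return bool(report["http_redirects_to_https"] and report["hsts_present"]
                and not report["insecure_cookies"])


# Constructed sample: the hardened site, plain HTTP only redirects.
GOOD_HTTP = ("HTTP/1.1 301 Moved Permanently\r\n"
             "Location: https://www.example.com/\r\n"
             "Content-Length: 0\r\n\r\n")
GOOD_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=31536000\r\n"
              "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
              "Content-Type: text/html\r\n\r\n<html></html>")

# Constructed sample: the pre-fix site, same cookie served in the clear on port 80.
BAD_HTTP = ("HTTP/1.1 200 OK\r\n"
            "Set-Cookie: session=abc123; Path=/\r\n"
            "Content-Type: text/html\r\n\r\n<html></html>")
BAD_HTTPS = ("HTTP/1.1 200 OK\r\n"
             "Set-Cookie: session=abc123; Path=/\r\n"
             "Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, pair in (("hardened", (GOOD_HTTP, GOOD_HTTPS)), ("open", (BAD_HTTP, BAD_HTTPS))):
        report = audit(*pair)
        print(label, "PASS" if passes(report) else "FAIL", report)
```

In practice you would feed it the headers captured with a browser's developer tools or a plain `curl -i`, once against `http://` and once against `https://`; the pre-fix sample is exactly the situation FireSheep exploits, a session cookie that travels unencrypted.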

If you need help setting up pound, let me know below.

What You Need To Have A Web Site

Posted by JD 11/05/2010 at 10:55

To have a web site on the internet, you need just 4 things.

  1. Registrar – these guys sell you the .com, .net, .org, .co.country, etc. They maintain the ‘whois’ record. That’s it. The Registrar needs a record that points to your … DNS provider – also called the name server and backup name server records.
  2. DNS – Domain Name Service. This connects the domain name that you bought to the IP address(es) of the computers where the web site runs.
  3. Public IP Address – any public IP address that is not on a private network and is not filtered for the service you want to make available. The service is usually HTTP on port 80 and/or HTTPS on port 443; those are the default ports. Most people/companies will pay a hosting provider for both an IP and a server.
  4. Web Server – this is the computer program that listens on port 80 or 443 and responds with the content you specify. While any port can be used, end users are used to ports 80 and 443, so it is unusual to see other ports used. I’ve used other ports and seen how that lowers traffic, though it also breaks many content-spamming programs.

Optionally, you may also need an SSL Certificate for encrypted web connections. These days, many websites have decided that only allowing SSL-based connections is worthwhile.

That’s all you need. Do you see how each of these things fit together so my-neat-domain.com becomes an IP and then shows a web page from a web server? Simple and it works billions of times every hour.

Your Computer is Impacting Foreign Elections

Posted by JD 11/04/2010 at 10:45

The BBC is reporting that internet connectivity with Burma (Myanmar) has been effectively shut down in advance of the first elections held there in 20 years.

Only 200 PCs Needed

If the BBC report is true, it would take only 200 relatively low-speed internet-connected PCs to take the country of Burma off line. Let me explain. The BBC story about Burma states that the entire country is connected to the internet over a 45Mbps link; that’s a DS3 to the network and telecom people. It isn’t much bandwidth for an entire country.

To take any network or server off line, all an attacker needs to do is make your network too busy for user connections to get through, just like a busy signal on your telephone. Doing that isn’t very hard.

Only 15 PCs connected with common home bandwidth could take down the country of Burma. That isn’t many PCs, is it? Even the slowest broadband connections have 256 Kbps upstream, which means only 200 PCs with that upstream connectivity are needed to take Burma effectively off line. If a botnet controller wanted to attack an IP and had 100,000 PCs, that translates to 25 Gbps. Most companies, even with large pipes like a Fortune 100 company has, would be taken off line. 200 PCs is a small number and could be quickly blocked, which is why botnet owners have 100,000 – 5M PCs.

MKV Containers - Why Use Them + Scripts

Posted by JD 11/02/2010 at 10:30

So the HD-Nation video-cast (available online or on your TiVo) did a few episodes about what you can do with MKV containers for your media.

Below are a few other links about MKV Containers and a few shell scripts to get the MKVs to playback correctly.

Solved-Increase KVM VM Image File Size

Posted by JD 10/31/2010 at 13:00

Seems that 2GB isn’t enough for some specialized PBX Linux solutions to build, so I found myself needing to increase the size of a KVM virtual machine image running Ubuntu Server 10.04 Lucid Lynx in the VM. This technique probably will not work for sparse or VMDK-based VM images. It should work for Xen and KVM IMG-based VM files, however. Anyway, below is how I did it.

How-To KNOW that you have Good System Backups

Posted by JD 10/23/2010 at 09:26

Here’s a simple one question test for whether you have good backups or not.

Question: If any of your main hard disks started making a loud clicking sound right now, does that idea freak you out or make you nervous?

If you have any answer besides “No, bring it on,” then your backups aren’t good enough.

Simple. I KNOW that I can wipe my HOME directory from my main system and be completely fine. There is the backup from last night on another machine that I can restore easily. If I really need access, those files are available while on the other machine too. Further, there are 90 days of incremental backups available, so if I delete something important and don’t miss it for a few weeks, I can still get it back. Honestly, I’m less confident about some other system backups, but my main desktop computer and all the company server machines don’t cause me any worry at all. I’m 100% confident. Sure, it could be a hassle, but a few hours later, the data would be back. That’s the point of backups, right? Sometimes, about 2 times a year, one of my system backups fails or gets corrupted in some way. As long as that doesn’t happen on the same night that the source system has a failure, I’m fine.

For really important data, there are multiple copies on multiple systems, so even if there is some corruption, there are other copies available. Worst case, I could lose 2 days of data, but not everything. I’d restore the OS, applications, application settings AND the data. Because we use virtualization, we aren’t tied to specific hardware … pretty much any current machine can be used to restore onto. There’s no need to search for a specific RAID controller or motherboard or … whatever. Virtualization frees us from that stuff.

Of course, much of my confidence comes from actually performing restores and seeing them work. While we all say to practice the restore, most people don’t have a spare machine to try it out. I know we don’t, but every once in a while, an accident happens and a restore is the quickest answer.
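The confidence the post describes comes from restoring and comparing, and that drill can be automated so it runs nightly instead of waiting for an accident. The script below is an added example, not the blog's own tooling: it builds a small constructed directory tree standing in for a home directory, backs it up with Python's tarfile module (a stand-in for the author's rdiff-backup; the restore-and-compare logic is the same whatever tool made the backup), restores it to a second location, and checks every file's SHA-256 hash against the source plus the archive's age. It also shows the failure mode the post mentions, a corrupted backup, being caught rather than trusted. File names and contents are made up.

```python
"""Restore drill: prove a backup restores. Added example, not from the original post."""
import hashlib
import tarfile
import tempfile
import time
import zlib
from pathlib import Path
from typing import Dict, List


def sha256_tree(root: Path) -> Dict[str, str]:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    digests: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def make_backup(src: Path, archive: Path) -> None:
    """Full backup of src into a gzipped tar (stand-in for the nightly rdiff-backup run)."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")


def restore_backup(archive: Path, dest: Path) -> bool:
    """Restore into dest; return False instead of raising if the archive is unreadable."""
    # Newer Pythons provide the 'data' extraction filter, which refuses members
    # that would escape dest; use it when available.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    try:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(dest, **kwargs)
        return True
    except (tarfile.TarError, EOFError, OSError, zlib.error):
        return False


def verify_restore(src: Path, restored: Path) -> List[str]:
    """Relative paths whose content differs, is missing, or is unexpected after the restore."""
    want, got = sha256_tree(src), sha256_tree(restored)
    bad = [p for p in want if got.get(p) != want[p]]
    bad += [p for p in got if p not in want]
    return sorted(bad)


def backup_is_fresh(archive: Path, max_age_hours: float = 24.0) -> bool:
    """The post restores from 'last night'; anything older than a day is stale."""
    return time.time() - archive.stat().st_mtime <= max_age_hours * 3600


def build_sample_tree(root: Path) -> None:
    """Constructed sample data standing in for a home directory."""
    (root / "docs").mkdir(parents=True)
    (root / "docs" / "notes.txt").write_text("meeting notes\n")
    (root / "docs" / "plan.md").write_text("# plan\n- run the restore drill\n")
    (root / ".bashrc").write_text("export EDITOR=vim\n")


def restore_drill(corrupt: bool = False) -> Dict[str, object]:
    """Run backup, restore and verification in a temp dir; return what a nightly job should log."""
    with tempfile.TemporaryDirectory() as tmp:
        src, archive, restored = Path(tmp, "home"), Path(tmp, "home.tar.gz"), Path(tmp, "restored")
        build_sample_tree(src)
        make_backup(src, archive)
        if corrupt:
            # Simulate the 'about twice a year' corrupted backup: keep only half the archive.
            data = archive.read_bytes()
            archive.write_bytes(data[: len(data) // 2])
        readable = restore_backup(archive, restored)
        mismatches = verify_restore(src, restored) if readable else sorted(sha256_tree(src))
        fresh = backup_is_fresh(archive)
        return {"readable": readable, "fresh": fresh, "mismatches": mismatches,
                "ok": readable and fresh and not mismatches}


if __name__ == "__main__":
    print("intact backup:   ", restore_drill())
    print("corrupted backup:", restore_drill(corrupt=True))
```

For a real deployment the source and archive paths would point at the actual backup target, the restore would go to scratch space on the spare machine, and anything but `ok: True` would page someone; the hash comparison is what turns "I think the backup worked" into the "No, bring it on" answer.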

Shouldn’t you be that confident about your backups too?

21 of the Best Free Linux Backup Tools – but this list doesn’t include my favorite, rdiff-backup. Sniff, sniff.
Lifehacker Backup – For anyone running Windows7, just use the built-in backup tool. It is very good and behaves much like rdiff-backup. For Windows Servers, open your wallet and check out Netbackup or EMC Networker. For VMware backups (ESX/ESXi), Trilead VMX is fairly inexpensive as far as VM backup tools go, but it doesn’t support incremental backups.

Mega List of Set Top Media Playback Devices

Posted by JD 10/22/2010 at 16:20

Here’s a link to the Mega List of Set Top Media Playback Devices in google docs.

Many thanks to Tekzilla’s Veronica Belmont for starting this list and to the crowd for filling in the details. There is so much data inside that it cannot be copy/pasted from google-docs. File → Save As… is required. It really isn’t that extensive … the cells are A1 … T73 when I looked today.

Devices currently listed include:

  • Roku HD, XD, XD|S
  • WD TV Live HD, WD TV Live Plus HD
  • Tivo Series 3 HD/HD XL
  • HD Fox T2
  • Boxee Box
  • Popbox
  • Nintendo Wii with Homebrew channel & apps: www.wiibrew.org
  • Popcorn Hour A-110
  • Popcorn Hour C-200
  • Logitech Revue
  • Xbox 360 (Slim)
  • PS3 (Slim)
  • HDI Dune
  • Apple TV 2nd Generation
  • TiVo Premier XL
  • Apple Mac Mini 2010 (HDMI)
  • Sony Network Media Player With Wi-Fi
  • Xtreamer

MediaGate and other similar competitors are missing. Software-based media players can’t be included, so Windows7 Media Center, Linux MediaTomb, MythTV and other similar tools aren’t listed either.

Seems that taking this data and making a searchable web DB would be fairly trivial. For example, I want only 1080p and Netflix devices – don’t show any others. Hummm.

Codeword: "Shibboleet"

Posted by JD 10/15/2010 at 07:31

If you’ve ever been frustrated talking with tech support drones trained for Microsoft stuff only, who think that rebooting a PC actually fixes things, this one is for you: http://xkcd.com/806/

Shibboleet - XKCD Cartoon

VOB2SRT-Using AVIDEMUX

Posted by JD 10/12/2010 at 16:30

As I try to improve my Spanish skills, I find that having both the audio and subtitles for my DVD movie collection easily available is helpful. The easiest and most accurate way to pull multiple audio tracks and multiple subtitles out of a DVD is with avidemux.

Here’s an excellent guide for converting DVD-based subtitles into SRT files.

Memonaut for Note Taking

Posted by JD 10/03/2010 at 18:34

If you’re like me, you take notes all the time. You may have tried using paper, todo lists, spreadsheets and even personal wikis like TiddlyWiki or SoloWiki to accomplish this. Having the notes available at home, at work and when you aren’t connected is a requirement. Well, I accidentally came across a new browser/JavaScript tool today called Memonaut.

I’ve just played with Memonaut for a few minutes. It does bulleted lists, indented lists, numbered lists and generic notes, all with HTML and JavaScript. There’s some light formatting too – bold, italics, strike-through, etc. The setup is like TiddlyWiki – you open a specific HTML file and start adding content. Then you “Save” the file to store the updates. Certainly there will be performance/size issues when lots of content is added, but then you just archive the file and start a new one, perhaps monthly? TiddlyWiki was used at a previous employer to share team How-To information after we were merged into another group. That data sharing probably saved lots of jobs, because about 30 people who were trying to understand how things worked AND who to call for “x” were able to centrally store and access that data.

Did I mention that this works when you’re offline?

Anyway, Memonaut could be worth a look. Obviously this is cross platform AND it requires JavaScript to be enabled in your browser for local HTML files (which could be a security concern).

Enjoy.