Internet & Related Stuff

For Internet and Related Stuff.

If you're a Kiwi you'd have to have been hiding under a rock to have missed the fact that Xtra's email service has been under siege lately.

In February, a significant number of xtra.co.nz email addresses - hosted by Yahoo in Sydney - were compromised. It appears that an organised botnet was able to access the mailboxes of many thousand subscribers, and use those mailboxes to generate spam emails (pointing at malicious web content) to email addresses found in those mailboxes - pulled from address books, sent items or similar.

The root cause has not been publicly announced by Yahoo, as far as I know, but I recall reading about a Cross Site Scripting issue involving Wordpress that sounds plausible in some respects. That said, I know that several of the accounts compromised (including one of mine!) have not been used in a long time - or at least, hadn't been, until this issue came to light... which makes one wonder how long this has been parked, waiting - or whether there is some _other_ vulnerability at work.

Anycase, there was a public outcry, and lots of 'change your password' advice being given out to account holders, and the rest of us got to suffer under a deluge of spam originating from Yahoo's servers - let's make it clear, it's not just the account holders that've suffered here, it's the folks they've corresponded with! - and in the aftermath Telecom had to announce a review of their email arrangement with Yahoo (to whom xtra.co.nz email has been outsourced for some years). NBR has a good article with the background, and their public announcement to stay with Yahoo on the grounds of a promise from Yahoo to 'do better'.

Havn't blogged in a while, but this one has me very motivated.

Solarwinds are a relatively well known IT Management & Monitoring Software company.
Amongst their commercial product suite(s) are free tools that they make available to people who simply have to provide their personal information (name, email address, some other information) so that they can collect information about who's using the tools. Supposedly.

I have personally used their TFTP Server and their Advanced Subnet Calculator at various stages over the last 7 years or so and been fairly happy with them; despite being bannerware they actually do what they advertise and the Subnet Calculator has been very helpful as recently as in the last 12 months. (I run Linux almost exclusively these days, but still flitter in Windows and when i'm there, these tools still feature).

Unfortunately for Solarwinds, they've ever compromised their standards and disclosed their user information publically, or... they've been compromised, and had their user information disclosed publically.

On 6 December 2012 I received a spam email to an address i'd only ever given to Solarwinds.com.

Noting this I engaged with Solarwinds via Twitter, who, to their credit, were prompt in responding and I forwarded a full-headers version to them at their request.

Unfortunately there's been nothing further from them, and today I received yet more Spam. Similar enough I believe it to be from the same crowd.

A quick look on their Facebook page shows i'm not the only one now receiving unsolicited email to an email address that was exclusively given to Solarwinds.com only. Noone else.

So it's time to put it 'out there'. Did you receive the above? To an address disclosed to solarwinds.com ? Surely a company such as Solarwinds must realise how scandalous this sort of thing can be - or is?

Not sure why Xubuntu didn't take a leaf from Ubuntu and make Vino a better integrated tool.. however you can install it, and you can configure it, and use it.
I used instructions from Ehow but the gist is:

# apt-get install vino

followed by

# vino-preferences

followed by creating a new auto-startup entry for

# /usr/lib/vino/vino-server

So knowing that my Ubuntu 10.10 was about to go out of support, I took the plunge and made two calls:

1) Ubuntu's move to Unity was not to my liking, and

2) I'd like to move to the new LTS; 12.04.

So I went to Xubuntu; the Xfce based Ubuntu variant.

Unfortunately, as it's only March 2012, 12.04 is only just into Beta stage. So my installation is Xubuntu 12.04b1 64bit.

First impressions? I like it. However there's been a few odds and sods i've had to deal to manually, and eventually i'll tie them into this blog article.

Browsers
I operate with Firefox as my main browser, and Chrome/Chromium as my second browser, used for mainly work-related things or where i'm testing for browser incompatibilities. Unfortunately Chromium doesn't seem to play well with other browsers, and where Firefox is otherwise configured as the default, this isn't necessarily true...

Anycase this was my fix to make Firefox take all the stuff that Chromium was stealing, in this case links presented via Pidgin IM:

root@hawkeye:/etc/alternatives# rm gnome-www-browser 
root@hawkeye:/etc/alternatives# rm x-www-browser 
root@hawkeye:/etc/alternatives# ln -s /usr/bin/firefox gnome-www-browser
root@hawkeye:/etc/alternatives# ln -s /usr/bin/firefox x-www-browser

More coming soon as I work through the kinks. On the whole i'm pretty damn happy with it so far, including the fact that it's able to run Gnome apps.

The New Zealand Network Operators Group Conference 2012 was held in Christchurch this year, and I was fortunate enough to attend.
The usual conference form is Workshops / Multi-Day tutorials Monday-Tuesday-Wednesday, half or full-day tutorials on the Wednesday, and the conference proper on the Thursday and Friday made up of a series of technical presentations (from 5 minutes to 45 minutes in length) on a variety of topics of interest to Network Operators.

NZNOG is the only event of its type in the NZ ICT calendar and serves as a useful way to keep up with current events, new developments and innovations in the NZ Networking scene.

Of course, there's always the light hearted side of things; Network Geeks are renowned for their beer-drinking prowess and well, NZNOG never fails... the proportion of NOGgers who don't drink do nevertheless get to have a great time.

I have Photos (See http://gallery3.blakjak.net/index.php/Events/2012/NZNOG-2012 and ) Video (see below) ;-)


BlakJak.net has been dark yesterday and most of today in protest of the U.S. Stop Online Piracy Act (SOPA) and PROTECT-IP Act (PIPA). The U.S. Congress is about to censor the Internet, even though the vast majority of Americans are opposed, and a significant amount of the Internet sits outside of US Jurisdiction. I've darkened my website in support of those attempting to kill off attempts to pass laws that breach our our global rights to free speech, privacy, and prosperity. Learn more at AmericanCensorship.org (for the American Viewpoint) or for a New Zealand take on things, check out Vikram Kumar's Blog and recent guest post to the National Business Review (Similar content, but with some very interesting responses). Vikram is Chief Executive of InternetNZ, the non-profit organisation dedicated to protecting and promoting the Internet in New Zealand. Among other things he notes that domain names within .com/net/org - like my one - would also be forfeit.

There's plenty of good media out there explaining why SOPA and it's ilk are BAD.
I'll link you these:


(November 2011)
and

(Yesterday).

One hopes that the amount of mainstream attention this is getting, will cause lawmakers to wake up.
In a wider sense it's disturbing how often 'blackout' responses are becoming relevant. Almost like lawmakers don't like to listen to their electorate, or to experts, when suggesting law changes. Sigh.

A headusp that due to what I can only describe as a clerical error, the virtual machine that hosted linux.net.nz has been deleted in the last few days.

I've temporarily set up a Listserv on the NZOSS infrastructure (which I host) to keep folks in the loop. All the people whos email addresses I had in my inbox associated with NZLUG and Auckland LUG have been subscribed. Others are welcome. Details are here. I will update this page as I hear further.

Update: Dylan Reeve, who owns/co-ran the linux.net.nz hosting server, has explained what went on in a blog post of his own. :( Until Nic returns from his holiday we're not sure where the various LUG's stands, except that Nic does think he has backups of all important data (notably the list membership database and mail archive for the list) as of a few months ago. So the data loss may not be huge in that front.

Can't speak for the website however....

More as I hear.

After having to challenge yet another unsolicited connection attempt on LinkedIn today I was inspired to throw some words into Google and see if anyone else had published anything regarding LinkedIn Connections.

I came across the following interesting reads:

I installed OpenShot yesterday and published my first Youtube vid edited with it: And i've embedded it here just coz it involves cats, and we all love cats... right?

Later on I observed that VLC was no longer installed on my machine.
I also observed I had some videos that wouldn't play anymore (in totem) due to missing Codecs.

I was prompted to check my apt/history.log file after someone on Facebook doubted the correlation... I suppose I should stop openly blaming things without checking... so glad I looked:

Here's an extract:

Start-Date: 2011-12-27 19:36:05
Commandline: apt-get install openshot
Install: melt:amd64 (0.5.6+git20100727-1, automatic), libavformat-extra-52:amd64 (0.6-2ubuntu3.2, automatic), openshot:amd64 (1.2.2-1), libatlas3gf-base:amd64 (3.8.3-22ubuntu2, automatic), libmlt++3:amd64 (0.5.6+git20100727-1, automatic), libsox-fmt-base:amd64 (14.3.1-1build1, automatic), libquicktime1:amd64 (1.1.5-1, automatic), python-mlt2:amd64 (0.5.6+git20100727-1, automatic), libsox-fmt-alsa:amd64 (14.3.1-1build1, automatic), libavutil-extra-50:amd64 (0.6-2ubuntu3.2, automatic), libcvaux2.1:amd64 (2.1.0-2, automatic), libavdevice52:amd64 (0.6-2ubuntu6.2, automatic), libpostproc-extra-51:amd64 (0.6-2ubuntu3.2, automatic), libmp3lame0:amd64 (3.98.4-0ubuntu1, automatic), openshot-doc:amd64 (1.2.2-1, automatic), libhighgui2.1:amd64 (2.1.0-2, automatic), libswscale-extra-0:amd64 (0.6-2ubuntu3.2, automatic), libgavl1:amd64 (1.1.2-3, automatic), frei0r-plugins:amd64 (1.1.22git20091109-1.1, automatic), libqt4-svg:amd64 (4.7.0-0ubuntu4.4, automatic), libcv2.1:amd64 (2.1.0-2, automatic), libxvidcore4:amd64 (1.2.2+debian-1ubuntu2, automatic), libgfortran3:amd64 (4.5.1-7ubuntu2, automatic), librtmp0:amd64 (2.3-2, automatic), libsox1b:amd64 (14.3.1-1build1, automatic), libmlt-data:amd64 (0.5.6+git20100727-1, automatic), libopenjpeg2:amd64 (1.3+dfsg-4, automatic), libmlt2:amd64 (0.5.6+git20100727-1, automatic), libavcodec-extra-52:amd64 (0.6-2ubuntu3.2, automatic)

Remove: libswscale0:amd64 (0.6.2-1ubuntu1~ppa1~lucid1), libavutil50:amd64 (0.6.2-1ubuntu1~ppa1~lucid1), libavcodec52:amd64 (0.6.2-1ubuntu1~ppa1~lucid1), gstreamer0.10-ffmpeg:amd64 (0.10.11-1), vlc-nox:amd64 (1.1.4-1ubuntu1.7), vlc-plugin-notify:amd64 (1.1.4-1ubuntu1.7), libpostproc51:amd64 (0.6.2-1ubuntu1~ppa1~lucid1), libavformat52:amd64 (0.6.2-1ubuntu1~ppa1~lucid1), vlc:amd64 (1.1.4-1ubuntu1.7), vlc-plugin-pulse:amd64 (1.1.4-1ubuntu1.7)
End-Date: 2011-12-27 19:38:00

plenty of vlc packages removed as a result of installing OpenShot... and a swag of codecs...
reinstalled vlc and let totem go codec hunting, at least I have a list of what's missing now should I need it... I should've paid more attention to what it was up to I think!

... I have found that over time i've developed the habit of using Ctrl-W to close Windows.
I suppose this replaced the old Ctrl-F4 habit I used to have when I realised that Ctrl-F4 was very much a Windows-Only thing and that Ctrl-W was more widely supported (in particular, in Firefox, regardless of OS.)

Today after closing Firefox inadvertantly (by hitting Ctrl-Q, instead of Ctrl-W, by accident, and not for the first time!) I threw a frustrated search into Google, pondering whether Ctrl-Q could be disabled.

What do you know.... It Can. Keyconfig installed, and configuration changed.
I also took the opportunity to disable the F12 mapping for Firebug - another Firefox addon that I have installed and use very occasionally - but not often enough to justify stealing the F12 mapping (that I do have to use elsewhere - mainly when using the remote KVM on our blade chassis at work...!)

I must admit it really is great to be able to use a tool like Firefox and know that there's an addon for just about everything. :-) I have FireFTP, Adblock Plus, HTTPS-Everywhere, Firebug, Gmail Manager, NoScript and User-Agent Switcher (off the top of my head) and the best part is that I can use those addons on any of my machines, as long as they run Firefox (of a current nature). Windows, Linux, the lot.

Now if only they hadn't changed to this crummy version numbering schema they're now using to keep up with the Joneses, or is that, the Googles...

Syndicate content