Saturday, July 31, 2004

Want to securely partition VMs? One option is to put 'em in Jail.
ACM Queue - Building Systems to be Shared Securely - Running multiple virtual servers on one machine makes sense, but what happens when not everyone plays nice?
FreeBSD system programming
A new book on BSD system programming has been released. And, in the spirit of open source, the book was released using the GNU Free Documentation License. Anyone interested in system programming on the BSDs can use this.

Friday, July 30, 2004

CssBeauty - CSS Design Showcase
Cssbeauty.com is a project focused on providing its audience with a database of well designed css based websites from around the world. Its purpose is to showcase designers' work and to act as a small portal to the css design community.

Wednesday, July 28, 2004

Suckerfish Dropdowns: A List Apart
“DHTML” dropdown menus have notoriously involved nasty big chunks of JavaScript with numerous browser-specific hacks that render any otherwise neat, semantic HTML quite inaccessible. Oh, the dream of a lightweight, accessible, standards-compliant, cross-browser-compatible method! Enter Suckerfish Dropdowns.
Stopdesign | Throwing Tables Out the Window
With the CSS waters thoroughly tested by many sites that have taken the plunge, it’s time for us to start cheering from the water below, coaxing and encouraging those who haven’t yet jumped in, to make that jump. There’s no longer any reason to use tables for layout, nor is there reason to maintain multiple versions of a site solely for different desktop browsers. Throw the tables out first. Trust us, they’re not needed anymore.
ANSARI X PRIZE
The ANSARI X PRIZE is a $10 Million Dollar prize to the first team that:

› Launches a piloted, privately-funded spaceship, able to carry 3 people to 100 kilometers (62.5 miles)

› Returns safely to Earth

› Repeats the launch with the same ship within two weeks

Tuesday, July 27, 2004

portaudit -- system to check installed packages for known vulnerabilities
portaudit checks installed packages for known vulnerabilities and generates reports including references to security advisories. Its audience is system administrators or individual users.

portaudit uses a database maintained by port committers and the FreeBSD security team to check if security advisories for any installed packages exist. Note that a current ports tree (or any local copy of the ports tree) is not required for operation.

This package also installs a script into /usr/local/etc/periodic/security that regularly updates this database and includes a report of vulnerable packages in the daily security report.

If you have a vulnerable package installed, you are advised to update or deinstall it immediately.

Monday, July 26, 2004

Flexbeta - Gmail, Is It Worth The Wait?
With a handful of new and already established email services offering free and paid email subscriptions with a massive amount of space, is Google’s Gmail worth the wait? Many websites, such as Spymac.com, already offer 1 GB of email space before Google announced its plans for 1 GB email; so what makes Gmail so special?

Sunday, July 25, 2004

The Attention Bond Mechanism - A Protocol Overview
This document is one of a group of related documents that together describe the Attention Bond Mechanism (ABM). The ABM is a means of using sender-warranties to eliminate spam, restore message quality, and improve the value of communication via email and other media.
SARE - SpamAssassin Rules Emporium
Greetings all! We have created this quick bunch of web pages to help contribute to the SpamAssassin community.
Our main goal here is to simply have a TON of custom rules written by people for SpamAssassin (SA), and to help others learn how to write their own rules. A typical spam may score 3.0 points, but with a few SARE rulesets it will jump to 35.0!
Hypertext Style: Cool URIs don't change.
What makes a cool URI?
A cool URI is one which does not change.
What sorts of URI change?
URIs don't change: people change them.
Ten Steps for Cleaning Up Information Pollution
Better prioritization, fewer interruptions, and concentrated information that's easy to find and manage helps people become more productive and stop wasting their colleagues' time.
The internet is shit.
It is vitally important that we all realize this and move on. People (eg Bloggers) go on and on about how wonderful it is. About how much information is out there in cyberspace. About the way that everything is within reach in just a few clicks of their mice...

Friday, July 23, 2004

More links about SPF

SPF: Sender Policy Framework
The Anti-Forgery solution that's making the world a safer place for email.

MTA Authorization Records in DNS (marid) WG
It would be useful for those maintaining domains and networks to be able to specify that individual hosts or nodes are authorized to act as MTAs for messages sent from those domains or networks. This working group will develop a DNS-based mechanism for storing and distributing information associated with that authorization.

The SPF Setup Wizard
Most domains send outbound mail through a relatively small number of servers. Domains should describe that set of servers in an SPF record in their DNS. Internet email receivers can then reject forged messages which don't come from an envelope sender domain's approved servers. This wizard helps domain owners identify all the servers which could be expected to send mail from their domain.

libspf2 - Home
libspf2 implements the Sender Policy Framework, a part of the SPF/SRS protocol pair. libspf2 is a library which allows email systems such as Sendmail, Postfix, Exim, Zmailer and MS Exchange to check SPF records and make sure that the email is authorized by the domain name that it is coming from. This prevents email forgery, commonly used by spammers, scammers and email viruses/worms.

Microsoft to enforce Sender ID checks
Microsoft Corp. will soon put some bite into its Sender ID antispam plans by checking e-mail messages sent to its Hotmail, MSN and Microsoft.com mail accounts to see if they come from valid e-mail servers, as identified by the Sender ID, according to a company executive.
First Contact Within 20 Years: Shostak
If Intelligent life exists elsewhere in our galaxy, advances in computer processing power and radio telescope technology will ensure we detect their transmissions within two decades. That's the bold prediction from a leading light at the Search for Extraterrestrial Intelligence Institute in Mountain View, California.
HNS Review - Exploiting Software: How to Break Code
Today, when software complexity is growing at a fast pace and IT infrastructure security is more important than ever before, software designers, developers and system administrators are faced with serious problems when it comes to designing, building and deploying a secure IT infrastructure.

It may sound like a really simple task. We can always apply the "golden rule" of "security through obscurity", and believe people out there are so stupid they won't find a way to break into our systems. I believe these days are gone, forever. If you want to gain more knowledge on these very complex topics, keep reading, and keep an open mind!

Thursday, July 22, 2004

apachefriends.org - very easy apache installation
Apache Friends is a non-profit project to promote the Apache web server. It was founded in the spring of 2002 by Kai 'Oswald' Seidler and Kay Vogelgesang. The following activities are our contribution towards promoting the web server and related technologies.
PC World New Zealand - PC World at 15
It was 5475 days ago today, or thereabouts, that your favourite computer magazine first hit newsstands. PC World lifer Chris Keall looks back on the laughter, the tears and the $24,000 386.

Wednesday, July 21, 2004

NewsForge | Open source usability is a technical problem we can solve on our own
Poor usability is a huge barrier to wider open source adoption. Our backends have matured and we consistently achieve technical excellence. Usability is the one area we have not yet mastered. For some reason, we treat it as a mystery instead of looking at it as a problem we can solve the same way we solve all other technical problems.
Test With 5 Users (Alertbox)
Some people think that usability is very costly and complex and that user tests should be reserved for the rare web design project with a huge budget and a lavish time schedule. Not true. Elaborate usability tests are a waste of resources. The best results come from testing no more than 5 users and running as many small tests as you can afford.
user instinct: GNOME 2.6 Usability Study and Review
A usability overview of one of the larger open source software projects: the 2.6 version of the GNOME desktop and developer platform. We look at how well GNOME lives up to its challenge of being the desktop for the masses, including a lengthy survey of a group of new users and their reactions to the system.

Tuesday, July 20, 2004

Social networking tools face uncertain future
Internet-based social networking tools are the hottest thing to hit Silicon Valley in the last 12 months. But they face a shaky future.
Google's fraud squad battles phantom clicks
analysis Internet marketers facing higher advertising fees on search networks are becoming increasingly concerned about a form of online fraud that was thought to have been con"
Web Pages That Suck learn usability and good Web design by looking at bad design
Vincent Flanders: "I started this site back in July 1996 so I wouldn't have to teach a class on Web design. Since I'm one of those extremely clever marketing folks, I chose a name that had marketing appeal and was edgy. I could have more accurately called the site "Web Pages That Have Problems" but nobody would remember and it's boring. I'm not boring.

The purpose of this web site is to help people design effective and aesthetically pleasing web pages. My methodology is somewhat different. I believe that if someone is exposed to bad web page design they'll be less likely to use these techniques in the pages they create.

People often commit the same mistakes over and over and over and over -- you get the point. By pointing out these mistakes, and being told that they are mistakes, you can avoid them when you design your web pages."
HTML Dog - HTML and CSS Tutorials, References, Articles and News
The web designer's resource for everything HTML and CSS, the most common technologies used in making web pages.

If you are a beginner, the step-by-step HTML Beginner's Guide will get you started. If you are already a competent web maker, the HTML Advanced Guide and CSS Advanced Guide are the places to look for advanced tips, tricks and good practice techniques.


PHP vs. ASP.NET
One developer's view of the pros and cons of the two most popular means of building web applications.

Sunday, July 18, 2004

ONLamp.com: Why PHP 5 Rocks!
PHP 5, which was released earlier this week, is the first major release of PHP in years to focus on new features.
SMTP STARTTLS in sendmail
Sendmail 8.11/ 8.12 support SMTP STARTTLS as defined in RFC 2487 which is based on TLS. This document describes the necessary steps to use this feature.
How to set up SMTP AUTH
This is a simple "how to." This is for anyone out there who has ever wanted to simply add authentication to sendmail. All this page will do is show you one way to configure sendmail and Cyrus SASL libraries to set up a mail server that requires client authentication to send e-mail. This is not a detailed tutorial of either sendmail or Cyrus SASL. For more detailed sendmail help, I strongly recommend going to the Official Sendmail Website or the comp.mail.sendmail newsgroup. For more in-depth discussion of SMTP AUTH with sendmail, try http://www.sendmail.org/~ca/email/auth.html.
DNS Report
This site will provide you with a DNS report for your domain. A very large percentage of domains have DNS problems; this site will help you find those problems and fix them. Also, the "Mail Test" tool will help find mail delivery problems for your domain.
Best Practical Solutions - RTFM: The RT FAQ Manager
RTFM is an enterprise-grade knowledge management tool that enables an organization to easily capture and share its employees' knowledge and wisdom.

Just as you use RT (the world's leading open-source ticketing system) to log tickets and resolve issues, RTFM lets you open, categorize and search for "articles." Like RT, RTFM lets your users contribute additional information to existing articles and makes sure that each article's full history is preserved for future inspection. RTFM makes it easy to quickly search the knowledge base and find critical information.
Best Practical Solutions - RT: Request Tracker
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users.

The RT platform has been under development since 1996, and is used by systems administrators, customer support staffs, IT managers, developers and marketing departments at thousands of sites around the world.
Free DNS service - Easy, web-based domain manager - ZoneEdit.com
Managed DNS Service - Did your registrar sell you a domain name, then leave you without any DNS? ZoneEdit.com provides DNS, with an easy front end. Just type in a domain name and an IP address on a web page, then browse to the domain you've created, instantly! And more...
Mailinator
In our internet world, you often need an email address NOW. Signing up for an email service takes time - that's probably ok for most emailing, but every now and then you need a quick email address for just a single email. After that you don't care what happens to it. Given that such disposable email is ready at your disposal, you can avoid giving out your real email address when you are afraid of getting spammed. Instead, make up any address @mailinator.com on the spot and go check it later.
Dynamic Network Services, Inc. -- DynDNS.org -- Welcome
Dynamic Network Services, Inc. is a leading provider of Domain Name Services (DNS). We provide full managed DNS hosting, Dynamic DNS, Static DNS, web redirection, e-mail, and domain registration services. Maintaining 100.000% DNS uptime with over three quarters of a million users, we offer the flexibility, support, and service to ensure a strong and reliable presence on the Internet for you or your business.
spamgourmet - free disposable email addresses, spam blocking
Hey sorry to hear about your dog. Hey I just gotta tell you about this amazing service I found! It's called spam gourmet, and you can go there by clicking on this link: http://www.spamgourmet.com. It's truly amazing! They provide disposable email addresses and spam filtering. You can 'set it and forget it' or come back once in a while and change your settings. And best of all, it's totally free! OK. I gotta run -- I have to tell others about this fantastic service I found at www.spamgourmet.com!
Samba-3 by Example: Practical Exercises to Successful Deployment

Here’s the Samba-3 cookbook you’ve been searching for! This book’s complete configuration files, step-by-step implementation instructions, network diagrams, and automated scripts make Samba-3 deployment a breeze. From small office networks to enterprise environments, here are proven configurations and expert guidance you won’t find anywhere else. Long-term Samba Team member John H. Terpstra covers all these scenarios, and more:

* “No frills” Samba servers: replacing Windows 9x peer-to-peer networks and supporting Windows 2000 and XP clients
* Small- to mid-sized networks requiring basic security, user groups, and remote access
* Secure, scalable networks with domain logons and roaming profiles
* Deploying Samba in environments that utilize routers and firewalls
* Improving network user experience through desktop profile controls, policy controls, and folder redirection
* Full-fledged enterprise network environments—with hot tips to enhance availability and performance
* Migrating seamlessly from Windows NT 4 to Samba-3
* Adding UNIX/Linux clients and servers to your existing Windows networks
* Guidance for integration of Samba-3 into your Microsoft Active Directory Domain
* Configuration guides for DHCP, DNS and OpenLDAP servers to get the most out of your Samba network
* Includes guidelines for estimating server hardware needs

If you’re a Windows network administrator responsible for deploying or managing Samba, Samba-3 by Example is your indispensable resource.

Friday, July 16, 2004

Smarter Image Hotlinking Prevention: A List Apart
In Issue 185 of A List Apart, For People Who Make Websites, Thomas Scott offers “Smarter Image Hotlinking Prevention:”

Most web professionals are all too aware of the problems caused by hotlinkers. Leechers. Bandwidth thieves. People who use images hosted on your web server on their own pages. With PHP and mod_rewrite, you can prevent embedding and allow linking while automatically creating gallery pages for those direct linkers.

Thursday, July 15, 2004

ONLamp.com: User-Friendly Form Validation with PHP and CSS
Any non-trivial web application processes form data, and every secure web application has to validate that data on the server. Balancing security with user-friendliness can be tricky. Jeff Cogswell demonstrates one approach.
ONLamp.com: Paul Graham on Hacking
Paul Graham is a hacker, a painter, and an essayist known as much for his thoughtful writings on spam, hacking, and Lisp as for creating the Arc programming language. In this interview with the O'Reilly Network, Paul discusses hacking, creativity, computer science education, and language design. Paul's collection of essays has just been released in a new book from O'Reilly, Hackers & Painters.
ONLamp.com: A Day in the Life of #Apache (or whether to use Apache 1.3 or 2.0)
In Rich Bowen's latest column based on his conversations on the IRC channel #apache, he attempts to answer a question that comes up at least once a day, but which doesn't have one clear answer: whether to use Apache 1.3 or 2.0. Find out why the answer is not a simple one. Rich is a coauthor of O'Reilly's Apache Cookbook.
ONLamp.com: Spam Filtering with Sendmail Milters and Greylisting
With spam, viruses, worms, and trojan horses consuming an ever-increasing amount of mail traffic, mail filtering is more important than ever. So is mail server flexibility. Sendmail's milters allow administrators and programmers to control almost every step of the mail process. Emmanuel Dreyfus explains how to write a milter by demonstrating his anti-spam greylisting system.
ONLamp.com: Building a Web Cluster with FreeSBIE
If your high-availability solution involves lots of cheap, identical machines, perhaps booting from a LiveCD is the right choice. For the BSD crowd, FreeSBIE may be the best LiveCD option. Alexander Prohorenko demonstrates how to build a custom FreeSBIE CD while putting together a cluster of web servers.
ONLamp.com: Behind DragonFly BSD
For years we had FreeBSD for performance, NetBSD for portability, and OpenBSD for security. Now a new project, focused on innovation, has worked very hard and is ready to release its first version: DragonFly BSD 1.0. Federico Biancuzzi interviewed some of these innovators to discuss their interesting points of view.
Two thirds of emails now spam: official | The Register

A study from rival message filtering firm Clearswift out yesterday suggests financial spam (37.8 per cent) is close to overtaking pharmaceutical spam (40 per cent) as the most common form of junk email. Healthcare spam dropped from 57 per cent of unsolicited mail in March back to 40 per cent in April, with financial spam growing from 26 per cent in March to 38 per cent of total spam blocked by Clearswift in April. It is the second straight month financial spam has grown. Financial spam accounted for 11 per cent of junk mail blocked by Clearswift in February.

Meanwhile porn spam continues to decrease, reaching its lowest level since the inception of the Clearswift Spam index in June 2003. A year ago, porno spam accounted for 22 per cent of all junk email blocked by Clearswift. Sexually explicit spam has been on the decline ever since, accounting for only five per cent of total spam seen by Clearswift last month. US Federal Trade Commission rules insisting that porno spam needed to be labelled as "SEXUALLY-EXPLICIT" came into effect last week.
Brightmail finds sanctuary with Symantec | The Register

Never afraid to dip into its monster cash pile when an opportunity presents itself, Symantec is going to buy Brightmail, one of the leading anti-spam vendors, for $370m in cash. The deal will improve Brightmail's position, although the prospect of Microsoft entering the anti-spam market is still a significant threat.

The deal has long been expected, despite the fact that Brightmail filed its IPO documents just a few weeks ago. The companies have had a close relationship since July 2000. Symantec owns 11 per cent of Brightmail already, and has a seat on the board. In the year ending 31 January, 2004, Brightmail made about 20 per cent of its $26m revenue from an anti-virus add-on it offered using Symantec's software.

Enrique Salem, Brightmail's CEO, said the deal presents synergies without excessive crossover. "Symantec has the market-leading anti-spam software for consumers, and we have the market-leading product at the gateway," he said.

He also said that Brightmail's OEM partners, which include IronPort Systems and Borderware Technologies, are safe following the deal.

Andrew Lochart, VP of product marketing at BMS rival Postini, was surprisingly positive about the news. "It eliminates one of the leading independent private companies from the market, which means the other companies, like Postini, all move up a notch," he said.

Mr Lochart also said the firm has rarely seen Symantec in competitive situations in the past. It also gives Postini, which has its sights set on an IPO too, a benchmark by which it could judge its own value.

Brightmail is probably a lot safer inside Symantec, which continues to grow and generate cash rapidly on the back of its consumer antivirus business, than it would have been alone, but both firms see Microsoft as a looming threat.

Microsoft is Brightmail's biggest customer, bringing in more than 10 per cent of its revenue, but is expected to build its own anti-spam software. It is also expected, at some point, to offer its own flavor of antivirus software, competing with Symantec.

Wednesday, July 14, 2004

Tuesday, July 13, 2004

Monday, July 12, 2004

hmm... this is my first post... whatever.