Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

That title sure caught your attention, right? It’s not as bad as it sounds. I’m not a Black Hat hacker, I just enjoy reading security related books.

Back in 2003 the famous/notorious hacker Kevin D. Mitnick released his first book called The Art of Deception which discussed different elements of security that relate to social engineering. When I read the book back then I was really both chocked and amazed how easily a well-skilled social engineer can gain access to the most sensitive type of information.

In his latest book The Art of Intrusion, Mr. Mitnick moves on from social engineering to discuss digital security. Since I personally have much more experience with digital security than with social engineering, the techniques used in the stories were not that exciting. The Art of IntrusionHowever, the plots of the stories were quite interesting. In a couple of the stories in the book the reader gets to follow security consults who work on penetrating various companies (the company names are not mentioned). Even though the techniques used by these consults were maybe not shocking in any way, the way thought was. The guys in these stories really know how IT-administrators at midsize and large corporation think, and where they’re likely to cut corners and be lazy.

- Did you disable all network ports that are not in use?
– Did you change the default password on all your network-equipped devices?
– Is your internal voice-mail system using the default password?
– Did you install the latest patches on all you servers? Even the internal ones?
– Did you disable all services that are not in use?

Even though the book brings little new technical knowledge to a tech-savvy person, it shows you how a skilled hacker can obtain important information about your system with, what you think is, trivial information.

Verdict: I would recommend this book to anyone who works with technology or security in a corporate environment. Also, if you haven’t read The Art of Deception, I’d also recommend you to read it.

Author: Tags: ,
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

Today we finally received our PO Box. I know many of you desperately been searching our site for an address to where you can send us fan-letters, high-tech gifts and regular checks. Look no further, here it is:

WireLoad, LLC
Re: PlayingWithWire
PO Box 390026
Mountain View,
CA 94039-0026

Now, don’t send too many gifts to us, because we have limited space in our post box.

Author: Tags:
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.
Jan
30.
Comments Off
Comments
Category: Uncategorized

A little announcement just dropped into my mailbox: Apple Shuffles in Grey, Pink, Green, Blue and Orange.
Apple’s cute iPod shuffle now comes in multiple colors. Five different colors in fact: standard grey, pink, green, blue and orange.

You have to hand it to them: Apple knows how to do business. There is probably little doubt that they could have made these colorful little things from the start. The new Shuffle has been on sale for a while, but as opposed to the Nano, it only came in brushed metal grey. Then Apple happily sold that for a while, especially during the Christmas rush.

Then as soon as the novelty of the positively tiny shuffle was past, they made a new announcement. Brilliant colors!

Here’s the page on Apple’s site.

Author: Tags:
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.
Jan
30.

Once in a while it happens. You know what I’m talking about, that ‘wow’-experience when you try out some new software.

This happened to us a couple of weeks ago. We were looking for a way to keep track of the server utilization. We needed to find out the usage during peak hours, to determine if it was time to upgrade to new hardware or buy another server soon or not.

After a bunch of hours googling and searching the Gentoo forum (guys, we’re still friends, right?), I found a thread that discussed this exact problem. After looking through a couple of the applications listed, I found it. The answer to all my problems was spelled Cacti.

Cacti is simply a web-based SNMP-client that uses RRDTool to generate nice graphs. Sounds quite simple, right? Why am I so impressed and excited? Because Cacti is really SNMP made easy.

I’ve been looking at similar solutions before, but everything I found felt very Beta / “Hack it to make it work on your system.” Cacti on the other hand was really easy to install and configure. It probably took me about 10 minutes to configure it for my needs, and then another 10 minutes to get a local SNMP daemon to run (even though this is not necessary).

Cacti requires the following:
– Apache (might work with other webservers)
– PHP
– RRDTool
– MySQL
– A crontab-job

After configuring the database-settings for Cacti, you just add a crontab to execute a given PHP-page (poller.php) on a given interval (5 minutes), and you’re set. Now you can start adding your other SNMP-enabled devices to your Cacti page.

Screnshot of a site running Cacti
One of the demo-sites listed on Cacti.net

So let’s say you have this cool device that supports SNMP, but you don’t really feel like writing a custom template for the device. Well, just head over to the Cacti forum and search for the device. Chances are you’ll find that someone already wrote a template for the device. Take a look at the forum and you’ll find that people have written templates for all kinds of random stuff.

Things that we use Cacti to monitor:
– CPU usage
– Memory usage
– Network usage (both servers, routers and APs)
– Individual daemons (Apache, MySQL etc.)
– Laser printers (to monitor toner level)
– UPSes (with a plugin to get info from NUT)

Some of our graphs:

CPU usage in Cacti
CPU Usage when PlayingWithWire.com got Slashdotted

Traffic usage in Cacti
Bandwidth status on one of our routers

Toner status in Cacti
The status of my HP Color LaserJet

It’s very convenient to just browse into Cacti to get a quick overview of your network/server utilization. In addition to that you can also select what specific time-span (daily, weekly, monthly etc.) you want to see. I love it.

If those things listed aren’t enough, just head over to the additional script-page where you find tons of other script for other purposes. By default, Cacti comes with templates for the most common SNMP-setups.

So did we need to upgrade our server? Nope, as it turned out, we were doing fine.

By the way, due to security reasons you might want to disable the guest account in cacti.

Update 1: As the Cacti Developer Tony Roman points out, regardless if you use Cactid or not, you will still need a crontab job. The article previously stated that if you use cactid, you won’t need a crontab job, which was wrong.

Author: Tags: ,
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.
Jan
28.
Comments Off
Comments
Category: Uncategorized

You may have seen our farewell letter to blogger. And yes, it is true. We have switched from a Blogger system to a WordPress system.

The transition was made during the late hours of Saturday night. We hope we have caused as few disturbances as possible – we have even relinked every old article to its new permanent address (by hand none the less!). Still, let us know if there is anything that is broken or doesn’t seem to be working like it should. Your feedback is greatly appreciated.

So why did we make the switch? Well, as the first post hinted, we have had trouble with Blogger’s stability. But this was not the main reason we switched. The main reason was that even that we were hosting our own published version of our Blogger blog, there were a few links that were part of every page that went back to Blogger.com material. And despite Google’s legendary connection speeds, Blogger.com did not seem to get any of that. Time and time again we saw situations where the front page was not loading for several seconds as the web browser was waiting for a Blogger.com file. And whatever they were doing, they didn’t even seem to have cache control enabled. So these files would be fetched over and over again, possibly with a multiple second delay.

We don’t think WordPress is faster than Blogger. In fact, I’m very certain that WordPress is slower by an order of magnitude. Blogger generated static pages for all content. Every time a comment was posted, the relevant post’s static page file was updated. Every time a new post was made, old pages were regenerated with the relevant links to the new page. This of course is optimal. You can hardly make a web server any faster than it is when serving static pages, especially not with the right Apache configuration.

So in theory Blogger was extremely fast, and we will be taking a performance hit by switching to dynamic pages with WordPress. But in practice, Blogger was often very slow due to those few non cacheable header links. It shouldn’t take seconds to load a single page, especially not if all images are already cached.

So we didn’t have a choice. Blogger was pushing us to upgrade to the new version of Blogger, and if we did that we wouldn’t be able to use WordPress’s built in Blogger import feature, which we ultimately used to get all old posts and comments over to the new system.

That said, the switch wasn’t entirely because of Blogger’s drawbacks. There are some very nice things with WordPress. For example, you can create pages like our About page. This is a great touch of CMS functionality that saves us from the trouble of theming random pages by hand.

Next we will look into generating a new sitemap and page caching. We hope that your Playing With Wire experience is faster already though.

Please let us know if you find anything that doesn’t seem to work as expected.

Update 1: We did try to contact Blogger about the performance issues two months ago, but we never heard back from them.

Author: Tags: ,

© 2006-2009 WireLoad, LLC.
Logo photo by William Picard. Theme based on BlueMod © 2005 - 2009 FrederikM.de, based on blueblog_DE by Oliver Wunder.
Sitemap