Dec 24, 2011
Sorry, IT: These 5 Technologies Belong To Users
Dec 20, 2011
Windows 2003 Server Domain Time
I have a system with a 5 minute time delay. It's domain joined but for unknown reasons it has a 5 minute delay. Now being an e-commerce system this is a bad deal. Credit Card companies don't like it when transactions are delayed by 5 minutes (can you say "man-in-the-middle"?).
Now I just need to figure out why it was off in the first place.
Here is the command to reset the time to the Doman time.
C:\Documents and Settings\wal>net time /?
The syntax of this command is:
NET TIME
[\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]
[\\computername] /QUERYSNTP
[\\computername] /SETSNTP[:ntp server list]
C:\Documents and Settings\wal>net time /domain:your.domain.com /set
Current time at \\server.your.domain.com is 12/20/2011 9:56 AM
The current local clock is 12/20/2011 9:51 AM
Do you want to set the local computer's time to match the
time at \\server.your.domain.com? (Y/N) [Y]: y
The command completed successfully.
C:\Documents and Settings\wal>
Dec 15, 2011
Dec 12, 2011
Verify Email with Telnet
Stolen from: http://www.webdigi.co.uk/
We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This is to avoid users entering wrongly formatted email address but still they can accidentally give us a wrong email address.
Example of a correctly formatted email address but still wrong:
mailbox.does.not.exist@reddit.com [VALID email format but it does not exist]
Above case specifically happens when you take important customer email on phone and you type in the wrong email. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.
The solution
A quick & simple check below can be implemented in most programming language including PHP, Python etc. It relies on using the same SMTP which is used to send emails.
To check if user entered email mailbox.does.not.exist@reddit.com really exists go through the following in command prompt.
First - Find mail exchanger of reddit.com
COMMAND:
nslookup – q=mx reddit.com
RESPONSE:
reddit.com MX preference = 10, mail exchanger = mail.reddit.com
mail.reddit.com internet address = 208.96.53.70
Second - Connect to mail server mail.reddit.com
COMMAND:
telnet mail.reddit.com 25
RESPONSE:
220 mail.reddit.com ESMTP Postfix NO UCE NO UEMA C=US L=CA Unsolicated electronic mail advertisements strictly prohibited, subject to fine under CA law CBPC 17538.45. This electronic mail service provider’s equipment is located in the State of California. See http://www.reddit.com/static/inbound-email-policy.html for more information.
COMMAND:
helo hi
RESPONSE:
250 mail.reddit.com
COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok
COMMAND:
rcpt to: <mailbox.does.not.exist@reddit.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@reddit.com>: Recipient address rejected: User unknown in local recipient table
COMMAND:
quit
RESPONSE:
221 2.0.0 Bye
NOTES:
1) the 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field. The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If email was present the server will respond with a 250 instead of 550
3) There are certain servers with a CATCH ALL email and this means all email address are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously to check for availability of gmail / yahoo / msn accounts etc as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.
Dec 1, 2011
Importing Ringtones to iTunes
Nov 23, 2011
Nov 4, 2011
Lion, iTunes, Airport Express, IPv6 Bug
It seems that when upgrading to Lion you lose the ability to "disable" IPv6. After upgrading to Lion your IPv6 config will still be set to "off", but if you change it, that choice goes away. You are only left with Link-Local, Automatic, and Manual as choices. None of these will allow you to connect to an Airport Express.
According to this post on the Apple forums, setting it to "Link-Local" will disable it. However your iTunes doesn't think so. So following these instruction from that same post you can return it to the "off" setting that allows iTunes to work properly with your Airport Express.
I had to change both the Airport and the Ethernet configs to __INACTIVE__ before it would allow me to connect to my Airport Express.
Hello,
Here is what worked for me in Lion.
I edited /Library/Preferences/SystemConfiguration/preferences.plist
and changed the IPv6 ConfigMethod's string to __INACTIVE__ manually for the appropriate adapter. This is what I believe the GUI would change in SL10.6. Looks like it still accepts the option, Just dosen't provied it.
sudo vi /Library/Preferences/SystemConfiguration/preferences.plist
The section under your unique adapter key will look like this when you're done.
When completed reboot. Your inet6 address should not show for that adapter in ifconfig anymore.
Hope this helps.
<key>IPv6</key>
<dict>
<key>ConfigMethod</key>
string>__INACTIVE__</string>
</dict>
Nov 3, 2011
3.5 Million People Are Still Using AOL Dialup (!!!) [Factoid]
3.5 Million People Are Still Using AOL Dialup (!!!) [Factoid]:
EEEEEEEEERRRRRRRRRRRRRNDguzzzzzzzzzzzzzzzdungahdungahdungahhhhhhh. That sound you hear isn't a 56k modem, it's the sound of my brain collapsing upon itself as I read AOL not only has 3.5 million dialup users, but added 200,000 since last year. How can this be? More »
Oct 28, 2011
PaperCut 11.5 is now available for download
Along with usual collection of enhancements and fixes comes PaperCut Web Cashier. This feature will be useful for educational institutions and other organisations who want to offer a simple mechanism for users to purchase good and services, such as binding, using PaperCut accounts. As well as purchasing items, users can also make over the counter deposits.
Behind the scenes at PaperCut we have new staff member in Australia. Alec is joining the team as a technical project manager and many customers will get to hear from him over time. Not only he is already planning the next release but also committing code to our Subversion repo (using git-svn). Even the project managers need to be geeks here! Alec’s details have already been added to the about page so head on over if you want to see his important qualifications in coffee appreciation.
The full list of changes in version 11.5 can be found on the release history pages:
Release: VMware View Client for iPad v1.2
Fresh off the upgrade to the vSphere client for iPad comes an updated View client. You can head right to the download in iTunes here for the upgrade. As always, here’s the What’s new from iTunes:
What’s New in version 1.2
- Optimized for VMware View 5 with improved performance
- Support for iOS 5 including Airplay
- Presentation Mode for use with external display and Airplay
- Embedded RSA soft token simplifies login to desktop
- Background tasking to move between Windows and iOS apps
- Updated look and feel
- Integrated online help
- Buffered text input for multibyte text entry
- Now in French, German, Japanese, Korean, and Simplified Chinese
- Bug fixes
Sep 27, 2011
Geektool and Todotxt Desktop
One thing I have done that I haven't seen on many other examples is using the Todotxt todo list application for displaying my Todo list right on my desktop. I have it set to update every 30 seconds so it keeps things up to date and lets me know what to do next.
Just create a shell tool and have it run todo.sh. It is very simple and easy with no custom scripts or tools. Using custom shell scripts you could create many lists that display different projects, locations and priorities.
Here are a couple examples.
Tasks to do around the house:
todo ls @home
Stuff to do at work:
todo ls -@home
Buddhist task list:
todo ls @monastery + renunciation +harmlessness +goodwill
Aug 16, 2011
Firefox 6 patches 10 dangerous security holes
Aug 14, 2011
Another Malware Victim
Aug 5, 2011
Aug 4, 2011
Jul 19, 2011
NoScript Awarded $10,000
Jul 12, 2011
PuTTY version 0.61 is released
------------------------------
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
http://www.chiark.greenend.org.uk/~sgtatham/putty/
It's been more than four years since 0.60 was released, and we've had
quite a lot of email asking if PuTTY was still under development, and
occasionally asking if we were even still alive. Well, we are, and it
has been! Sorry about the long wait.
New features in 0.61 include:
- Support for SSH-2 authentication using GSSAPI, on both Windows and
Unix. Users in a Kerberos realm should now be able to use their
existing Kerberos single sign-on in their PuTTY SSH connections.
(While this has been successfully deployed in several realms, some
small gaps are known to exist in this functionality, and we would
welcome further testing and advice from Kerberos experts.)
- On Windows: PuTTY's X11 forwarding can now authenticate with the
local X server, if you point it at an X authority file where it can
find the authentication details. So you can now use Windows PuTTY
with X forwarding and not have to open your X server up to all
connections from localhost.
- On Windows: the Appearance panel now includes a checkbox to allow
the selection of non-fixed-width fonts, which PuTTY will coerce
into a fixed-width grid in its terminal emulation. In particular,
this allows you to use GNU Unifont and Fixedsys Excelsior. (Thanks
to Randall Munroe for a serious suggestion that inspired this.)
- On Unix: the GTK port now compiles with GTK version 2, which is
generally shinier and in particular provides access to client-side
scalable fonts. (Though, unlike some GTK 2 applications, we have
retained support for old-style X11 server-side bitmap fonts too.)
Some Linux distributions have been shipping pre-release versions of
GTK 2 PuTTY for years, so this won't be a surprise to anyone using
Unix PuTTY or pterm via Debian or Ubuntu. But this is the first
official release containing that functionality.
- A small but important feature: you can now manually tell PuTTY the
name of the host you expect to end up talking to, in cases where
that differs from where it's physically connecting to (e.g. when
port forwarding). If you do this, the host key will be looked up
and cached under the former name.
- Assorted optimisation and speedup work. SSH key exchange should be
faster by about a factor of three compared to 0.60; SSH-2
connections are started up in a way that reduces the number of
network round trip delays; SSH-2 window management has also been
revised to reduce round trip delays during any large-volume data
transfer (including port forwardings as well as SFTP/SCP).
- Support for OpenSSH's security-tweaked form of SSH compression (so
PuTTY can now use compression again when talking to modern OpenSSH
servers).
- Support for Windows 7's new user interface features. The new Aero
window management should now play nicely with PuTTY's complicated
window resize handling, and Windows 7 jump lists are now supported
so you can launch saved sessions directly from the taskbar.
Bug fixes include:
- Better support for importing OpenSSH private keys in PuTTYgen: we
now support key files encrypted with AES, and we cope with keys
whose primes are listed in the opposite order from the one we
expect.
- Corruption of data transferred over port forwardings is _probably_
fixed (though there is the possibility that it was due to more than
one bug, so we want to hear about it if it's still happening).
- Crashing when the server unexpectedly closes the network connection
should be fixed. On Windows Vista and 7, PuTTY also no longer goes
into a tight loop in this situation.
- PSCP and PSFTP should no longer hang on exit in some failure cases.
- On Windows: fixed a hang in the serial port back end.
- On Windows: PuTTY reads from the clipboard in a separate thread
from its main one, which fixes a deadlock when trying to cut and
paste into PuTTY from an X11 application or Remote Desktop session
tunnelled through the same instance of PuTTY.
- Many, many other bug fixes.
Enjoy using PuTTY!
Jun 28, 2011
Citi Hackers Got Away With $2.7 Million
May 27, 2011
Call Interception Demonstrated On New Cisco Phones
Confessions of a Computer Repairman
May 3, 2011
Repudiate This!
- A service that provides proof of the integrity and origin of data.
- An authentication that with high assurance can be asserted to be genuine.
Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE
Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE: "An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data.
'... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.'"
Google Chrome Canary Now Available for Mac [Downloads]
Apr 22, 2011
CERN, LHC Sets New Luminosity World Record
CERN, LHC Sets New Luminosity World Record: "An anonymous reader writes 'Since last night, the Large Hadron Collider is officially the most powerful accelerator in the world. While a record energy level had been reached last year, the new luminosity level, surpassing Fermilab's capabilities, is a new achievement. 'Higher intensity means more data, and more data means greater discovery potential,' as CERN Director General Rolf Heuer says.'"
Dropbox Can't See Your Dat– Er, Never Mind
Dropbox Can't See Your Dat– Er, Never Mind: "bizwriter writes 'Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so.'"
Gmail Now Lets You Make Longer Labels (Without Wasting Screen Space) [In Brief]
Gmail Now Lets You Make Longer Labels (Without Wasting Screen Space) [In Brief]: "
Up until today, you could only make new Gmail labels that were 40 characters long—which could sometimes prove difficult. They've now extended that limit to 225 characters, giving you a lot more leeway in how you organize your messages. They've also truncated the actual labels themselves in your inbox, so they don't take up too much space if they're long or buried in a long trail of nested folders (mousing over them, however, will show you the full label name or path). It's just a few small changes, but certainly welcome ones for label addicts. [Official Gmail Blog] More »"
How to Port Your Number to Google Voice Without Paying an Arm and a Leg [Video]
How to Port Your Number to Google Voice Without Paying an Arm and a Leg [Video]: "
Google Voice is a great service, but changing your phone number can seem like pulling teeth. If you've been thinking about porting your existing number to Voice, here's what you need to know to make it go as smoothly as possible. More »"
Apr 21, 2011
Apple Logging Locations of All iPhone Users
Mar 30, 2011
Google Fiber coming to Kansas
Google Fiber on YouTube
Mar 11, 2011
Dear Microsoft: Resource Monitor Sucks
If I can watch a movie, play a game with thousands of people with live news and weather feeds scrolling across the screen from around the world all on this hardware, why can't you make a performance monitor that looks decent and doesn't chug along like an over worked grandma?
Signed,
Every Windows Sysadmin in the World!
Mar 9, 2011
Dear Mildred...
I was going to contribute to Stewart Mitchell’s request for horror stories about computer repair people; then I was completely diverted by a panic phone call from an old friend, which helped me to realise that I was far more of a repairer than a customer of repairers.
That 72 hours of raw-edged panic was quite enough for me to focus on the sins of those who come and ask for help, which can be every bit as difficult as the sins of the fixers. So pardon me while I abuse the Pro blogs to let my friend know how I felt about her approach to the whole sorry matter.
Dear Mildred (name changed to protect the innocent here),
It was delightful to hear about your holiday in Kuala Lumpur, for 20 minutes, before you got around to mentioning that you had brought back a DVD burned for you by a charismatic local photographer and thrown it in that laptop you obtained from me six months or more ago. It was sadly not surprising to hear that once that DVD had been introduced to the laptop, you had laid yourself wide open to every hacker and script kiddie on the planet. The parts I did find surprising then came so thick and fast that I was barely able to assemble a coherent reply, so let’s unpack all your assumptions and deal with them item by item, now that facts can take precedence over emotional blackmail.
- No, it doesn’t matter how you imagine viruses work: they will not be amenable to persuasion, they will do what they like. Responses like “that seems a bit far-fetched” won’t get your laptop fixed, or keep the hackers away. After the initial, invisible infection has granted the underworld open access to your PC, they are unlikely to steal your personal data – you’re not rich enough – but they will sell off access to your machine, for a relative pittance, to much less accomplished hackers. It’s their lesser efforts you can see, and they’re just evidence of the basic high-quality infection.
- No, you can’t sue AVG. You put a physical piece of storage in your DVD drive and clicked on various dialog boxes, some of which you neither understood, nor can now remember, because you wanted to get at the content on the disk. Once you do that, it’s game over.
- No, I am not responsible for everything that befalls something I once owned. It is now your laptop and your responsibility. Curiously, I am not sitting around at home doing nothing waiting for machines to die, and there is no way that you can cajole, seduce or otherwise influence me to “just spend ten minutes on it”. There are two reasons for this. One is that it’s perfectly clear that if I do touch it, I will never hear the end of the matter for as long as I live. The other is that once you stuck that DVD in there and started saying “yes, OK” to every resulting dialog box, you sank the whole thing. It doesn’t take 10 minutes to sort that out; it requires a complete machine reload to properly guarantee the infection is history.
- No, there is no neat and handy way I’ve been keeping secret that allows you to retain your extensive collection of stolen software licences loaded on that laptop. It’s even possible (but unlikely) that one of those copies you downloaded from total strangers via BitTorrent was actually the source of infection, not the DVD from that far-off and well-known training school for global cybercrime supercriminals. But you don’t believe that possibility either, so that’s me told good and proper. I personally remember all those nights in the 90’s when your standard response to any creative suggestion was “that’s great, but don’t tell anyone else so they can’t steal your idea” – rampant hypocrisy always offends me, especially when the software you’ve stolen is used to maintain your creative business. Perhaps you wouldn’t be in this dire situation if you had actually paid for the things you use (and therefore could reinstall them), even paying for a decent image-based backup program would have saved your bacon. Just because I use one and recommend it to everyone doesn’t mean it must therefore be nerdy and incomprehensible so you shouldn’t touch it.
- Don’t worry. I don’t propose to identify the specific products you don’t have licences for, mainly because I think the whole business of what’s free and what’s not is now so murky and confused that I don’t think you are even doing anything special these days. It’s not something I will involve myself in, though, which is in part why I am more tilted towards the hardware business, than software, these days. I have gone about as far as I can here to make it clear why your approach to the way your laptop drives your business, mixed with your approach to the way that people in the computer business sell things to you, adds up to a disaster waiting to happen. And I do disaster recovery, not disaster participation.
Love and kisses,
Steve
Mar 2, 2011
Updates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4, (Wed, Mar 2nd)
Feb 17, 2011
How Your Username May Betray You
PaperCut Version 11.1 Released
Some might think we took a holiday after releasing version 11.0 last month. Not so! We’ve been hard at work polishing the new features, making many minor improvements and of course avoiding all the floods and cyclones (hurricanes) that have been happening down under! PaperCut 11.1 is now ready for download.
We’ve had lots of great feedback about the dashboard and the new look interface – thanks to everyone who emailed in. Much to the delight of our support team the version 11.0 release last month went down smoothly and there were no major issues reported. If you’ve been holding off on the upgrade because you don’t like “dot zero” releases there is no excuse now!
Among the many little enhancements in this release we’ve expanded our watermarking support across a greater range of PCL6 printer drivers.
The full list of changes can be found in the release history. Happy downloading!
Flood image by Looking Glass / CC BY
"
New Windows SMB 0-Day Vulnerability
Feb 8, 2011
Google Family Safety Center
I'll be adding this to the list or home computing resources. What a great tool.
Google Family Safety Center
Jan 28, 2011
New Critical Bug In All Current Windows Versions
Jan 25, 2011
Best Terminal App, EVAR!
Cathode - Vintage Terminal Emulator
Jan 24, 2011
Apple hires former NSA, Navy analyst as security czar
Jan 7, 2011
Splunk GEOIP Lookup
sourcetype="linux_secure" name="Failed Password" | lookup geoip clientip as src_ip | timechart useother=false limit=5 count by client_country
You can easily change client_country with src_ip to start dropping the ban-hammer as well.
Jan 6, 2011
Useful Splunk Queries
sourcetype="WinEventLog:Security" User Name: "CategoryString=Logon/Logoff" User_Name="administrator" | chart count(eval(Type="Failure Audit")) as "Login Failures" by src_ip
This will give you a nice chart showing a count of Administrator logon failures by source IP.
If you find yourself getting data that you aren't sure is real or should be ignored, I find the best way to be sure is to verify with a known failure or reproduction of the issue to be tracked. In this case, I simply attempted to log in with a bad password and my attempt showed up after a refresh.