Saturday, August 27, 2011

Apache killer - potential disaster for websites and routers

Many may have already heard of Apache Killer, which came out a couple of days ago - actually this is a vulnerability revealed by a Google coder back in 2007, but just this week, Kingcope released a Perl script that can take down any Apache website in seconds.

A very simple Perl script can be run from any remote machine - they need only plug your web server IP into the script = sudden death!

It gets worse - many routers do not run Apache for their web server - but they DO run lighttpd (such as pfSense!!!) - which just happens to share the same vulnerable module that Apache runs. So you better not have your management interface open to the public.

What can you do? Apache is due to release a patch shortly - within 96 hours as said HERE - which will most likely require a source compile, or you can wait further for pre-compiled packages for your platform.

Another rather pathetic alternative is to employ mod_security - which causes the web server process to fork into several unique processes, so if you get attacked it will only kill the process serving that user - typically Apache will run 8 or more unique processes (your config may vary) - which is helpful, but eventually they can still kill you. Here is a guide on setting up mod_security if you don't already have it.

Tuesday, July 19, 2011

An office spin-off, or a whole new playing field?


Last year Oracle bought out Sun - the makers of OpenOffice, and it has since been the source of much controversy - an open source strategist now owned by a commercial giant - dollars are the word of the day.

Well last September some OpenOffice developers got tired of the path traveled, and forked off with LibreOffice - thus far it looks and feels much like OpenOffice, but they are moving in great leaps.

LibreOffice is sponsored by Google, Red Hat, Novell, and Canonical - big names in case you didn't know!

90% of LibreOffice is a direct derivative of OpenOffice, but they have streamlined a few areas, added more language support, better font support, better Excel formula support and most importantly an Office 2007-2010 import/export feature (completely lacking in OpenOffice).

Their inspiration looks genuine, and their openness even more, I am going to give it a whirl!

Saturday, July 9, 2011

FCC planning telco funerals, or another excuse to fleece the public??

Was reading the latest FCC advisories for the funeral of the conventional telco network aka PSTN (thanks to Matt):
http://blog.tomevslin.com/2011/07/tac-to-fcc-set-a-date-certain-for-the-end-of-the-pstn.html

They are actually coming up with a plan to actively shut down the PSTN in the next 7 years, because they say VoIP is causing obsolescence and telcos are losing money.

WHAT A BUNCH OF LIES - revenue/infrastructure has in no way decreased since the 1980s - when there was no such thing as monthly ISP fees or monthly cellular subscriptions and SMS - 1985-1995 was a windfall of revenue growth for communications providers - and these days with smart phone data plans - another windfall.

From a time when every household had 1 land line, to now being every human being having a cellular phone (sometimes 2) and households having broadband, and even personal broadband subscriptions for every person, they have driven revenues up 1000% minimum.

They talk like general nationwide copper connectivity was only achieved in the last decade - another exaggeration - the same locations that used copper for dialtone 20 years ago, are now using copper for data connectivity, and often times in residential settings at a higher cost.

VoIP networks are being implemented to *simulate* POTS (Plain old telephone service), not be an *incompatible* competition.

- When steam trains got replaced by diesel trains did the track owners deny steam operators from getting on the track 7 years later?? - obviously the train industry has nearly died because of poor steam management.

- copper lines are still a necessity since it provides the best performing broadband connection method at the lowest cost, and with fiber coming in at much higher monthly fees, they are more than paying for their network, and will continue to.

They talk about USF fees drying up because of VoIP - WHAT A JOKE and UTTER LIE!!!! I run a VoIP business, in 2006 the FCC mandated USF collections upon all VoIP providers as well, some users slide past this, but the greater majority are paying the fee.

The argument of maintenance costs - WEAK - obviously telco networks don't run themselves, but -get real- the telcos have implemented a high rate of automation, especially to automate failover, and besides that, class 5 equipment is built to have a much longer life span - it's not like a PC where you have to get a new one every 3 years. Their biggest cost is more than likely billing disputes - not maintenance! Building the network to bring on new customers and new features is an obvious cost - and if they want to build more revenue, they will do this.

There has been talk of rebuilding the whole nation's infrastructure to replace the PSTN - this is NOT a requirement - they should simply take the USF fees which keep going up, and use them to build up / enhance those so-called back country telcos that have been subsidized all these years to bring them up to current standards to provide either voice or data and let customers choose - data services are typically at a premium to customers, obviously the costs are being taken care of so far.

They talk about PSTN dying in the next 7 years - they should really just let it go naturally of its own accord, and get the small minority of deficient telcos prepared for the migration - sadly grannies with land lines will give them up when they die, which will not be in the next 7 years - the next 15-20 years might be more realistic - at which time a better technology will probably be available at a far lower expense.

So far there is no true acceptance of peer-to-peer free communication - even though we are completely capable of it, so far the world at large is being fleeced by marketing pigs saying that we need "Enterprise VoIP", and that we need to pay big money for it, just because it has "Enterprise" in front of it. Skype is a poor excuse of peer to peer communication.

Today I have a small customer of 12 users paying $1200/month for a so-called Enterprise VoIP solution over T1 - a technology created almost 40 years ago (someone does have wool in their eyes) - and these people say they can change this in a mere 7 years?? People won't get their heads out of marketing's dark @$$ long enough to see what VoIP really is.

This all sounds more like another way to let the sharks bleed us while our government herds us in for slaughter - i.e. a premium to talk to the rest of the world that has not standardized on government VoIP, or taxes on our packets - or like the DTV conversion - many tried to scare people into spending money.

Monday, June 20, 2011

Why Sonicwall can't do one size fits all

You should notice all the features in the sections on the right that say "Licensed" - this thing sounds like (guess that's where "sonic" comes in) a pretty feature-rich appliance, but look under the arrow...

WELL that is like saying a Ford Pinto with power windows and AC is a high performance vehicle! - Sonicwall does not put the motor or framework in there to handle all these features properly - otherwise a network with 8 whole users on it should not max out the CPU on this "enterprise firewall" that could potentially be used by "unlimited" users if they upgraded the license.

You will see in the picture above that it has a 299 MHz CPU and 128 MB of RAM - and it is performing all these tasks poorly:
  • Firewalling and Routing
  • Web Content filtering
  • Intrusion Prevention System (IPS/IDS)
  • Antivirus filtering
  • Spam filtering (whoops, it's not even on)
  • Spyware blocking
  • VPN
  • Advanced logging and reporting
  • Proxy server
  • Network load balancing or DMZ
With all that going, it just does not have the horsepower to keep up with 8 users.

I would say our base Smpl-Route router does not even have the horsepower to keep up with all that, and it has a 500 MHz CPU, 256 MB RAM, and a dedicated VPN encryption accelerator - nearly double the capacity of the Sonicwall; yet at this size, we only enable 2-3 of the above features - if more are needed, we use the properly sized hardware for the task, and provide all of the above and more with no licensing fees.

And besides that - while our firewall might be capable of something, we won't shove it down your throat when something else may do it better - for instance if you want spam filtering for your Exchange server - get the best, get ORF, it's cheap and far more capable at this simple task - and there's still no annual fee.

So while the hardware sometimes (rarely) costs more than a Sonicwall, the annual fee is much less at $0, and it is the proper vehicle for your network's demands - rather than some spiffed out Pinto with a sweet dealer program - we don't get a cruise to the Bahamas for selling 50 SmplRoutes.

Sunday, June 19, 2011

Open Source auto maker opens in Arizona

I had the privilege to actually see LMRF0002 on Interstate 10 this weekend - the USA's answer to the Ariel Atom (UK):
Funny - I read an article about Local Motors about 3 weeks ago, an Open Source manufacturer opening "micro factories" (goes well with micro brew), across the US. They make community designed vehicles to spec that meet DOT and other regulations for legal highway or offroad driving. For instance their Rally Fighter is SCORE legal to race in the Baja 1000, and 50 state emission legal. They currently have 5 major models in design.

You can purchase a Rally Fighter for under $60k, and you are then invited to not only customize it to your liking, but also actually come and build it with your own "personal mechanic trainer" to get you into shape if your wrenches are rusty.
The Rally Fighter is available with a BMW 3.0 liter turbo "clean diesel" cranking out 425 ft/lb of torque (capable of 30-35mpg), or a 6.2 liter 430 hp gas V8. It seems to come in 2 basic flavors, a kind of sports car model that is off road ready but really performs well on the highway, and a slightly higher slung model to really catch some air and blow mud.

The Rally Fighter styling was designed by community member Sangho Kim, a 2010 graduate of Art Center College of Design in Pasadena, and overall design and engineering was completed by over 160 community members - pretty impressive example of "power of the people". This vehicle may sound expensive, but you have to imagine - it uses cutting edge technology, and is nearly bullet proof; if it was made by a leading auto maker it would probably cost in excess of $100k. And while it's not a trophy truck, it could probably keep good pace with a trophy truck which will often cost $200-400k.

To make an example of its capabilities - LM pitted the Rally Fighter against a Ford F-150 Raptor which is intended to be a factory "race ready" (not really) off road truck with a 6.2 liter 411 horsepower V8, long travel Fox Racing off road shocks and 4x4. The 2 vehicles took the dirt path from Phoenix to Flagstaff; it took the Ford 8 hours to arrive at the top of the mountain, while the Rally Fighter had been resting at the bar in Flagstaff for nearly 5 hours waiting for the Ford to arrive - obviously the Ford is not as well equipped, but who would have thought it would take more than double the time to complete the same course.

Local Motors is really innovating design, using things like carbon fiber, full roll cages, and no paint - they found out vinyl is stronger/lighter than paint - saved 12 lb on the car's weight, and it's easier to customize and repair. Designs are freely downloadable on their site, so anyone can easily contribute and improve upon them.

Here is a great video showing how the car can seemingly float across nasty terrain over which I would normally drive my truck at no more than 10 mph:


If you are ever in Phoenix - LM has a monthly "show-off" bar-b-q event every 2nd Tuesday of the month - more on the car here. More on Open Source auto here.

100 mpg available to the government

- wonder if/when it will hit the public? Achates (a San Diego company) has created a revolutionary new/old engine design - 2 pistons per cylinder that is estimated to be capable of 100 mpg!!! In the 1930s some aircraft engines used this design, but they disappeared. Now they are back using diesel and 2 stroke technology. The 2 cylinders collide into each other, and at the very last moment the fuel fires and pushes the 2 cylinders back apart.

Instead of conventional intake/exhaust valve technology, they are using 2 stroke technology which is simple port holes cut into the cylinder walls; as the piston slides up/down, certain ports are uncovered allowing air to pass thru the port - this greatly reduces moving parts and mass (there's no cylinder head), and increases the amount of power output per cylinder movement using a much smaller lighter engine.

See the video here: http://www.achatespower.com/opposedpiston.php

Now - by doubling up the pistons per cylinder with 2 stroke technology we achieve 4 times the power per firing sequence of a conventional engine.

I wonder if/when this will hit the public, or do they call it "classified" - Achates' A40 prototype has been used by the government since 2009, they have built a vehicle using the 1 cylinder 2 piston motor, probably one of those un-manned recon-rovers, and still we hear very little about it.

Here is a detailed document on the A40:
www.achatespower.com/pdf/2011_SRM_Winter2011.pdf

Tuesday, June 7, 2011

MS pulls the Skype right out of the open

sores that is... funny - Microsoft buys Skype, Skype gets closed - hmmm, does someone think they will compete with Google Voice - that would be a dream rather than a thought. - from one of my favorite sites