SQL injection can be used to attack websites that interact with databases. It occurs when unfiltered input designated by the user is used in an SQL query. Many networks were breached using SQL injection vulnerabilities in Web servers to gain a beachhead. In Sept 2009, a 28-year-old Miami resident pleaded guilty on Friday to charges of conspiracy, computer and wire fraud, and aggravated identity theft stemming from the massive thefts of data from major commerce companies, such as retail giant TJX and payment processor Heartland Payment Systems.
SQL queries can be used to query a database, insert data into a database or modify/delete data from a database. A lot of modern websites use scripting and SQL to generate page content dynamically. User input is frequently used in SQL queries and this can be dangerous as hackers can try to embed invalid SQL code within the input data. Without careful attention, this malicious SQL may be executed successfully on the server. As example below, i would like to share my knowledge on how SQL injection was performed.
Take the following PHP code:
$firstname = $_POST[“firstname”];
mysql_query(“SELECT * FROM users WHERE first_name=’$firstname’”);
After submitting your first name to the web form, the SQL query will return a list of users that have your first name. If I put my name “Chris” in the form, the SQL query would be:
“SELECT * FROM users WHERE first_name=’Chris’”
This is a valid statement and will work as you would expect, but what would happen if instead of my first name, I put in something like “’; DROP TABLE; #”? The statement would then read:
“SELECT * FROM users WHERE first_name=’’; DROP TABLE users; #’”
The semi-colon allows multiple commands to be run, one after the other. Suddenly the simple statement is now a complex three part statement:
SELECT * FROM users WHERE first_name=’’;
DROP TABLE users;
#’
The original statement is now useless, and can be ignored. The second statement instructs the database to drop (delete) the entire table and the third uses the ‘#’ character which tells MySQL to ignore the rest of the line. The above is particularly dangerous and can be used to display sensitive data, update fields or delete/remove information. Some database servers can even be used to execute system commands via SQL.
Fortunately this type of vulnerability is easily avoided by validating user input. In PHP there is a special function for stripping out potential SQL injection code called ‘mysql_real_escape_string’. This function should be used to filter any data that is passed to an SQL statement.
Sunday, September 20, 2009
Saturday, August 22, 2009
Identify Machine on LAN
In this article, i would like to share on how to identify machine in our network. Perhaps this tutorial only focus machine running on linux,so for windows animals not encourage to read this.
You can use ping or nmap to find out what machines are currently on the local network.
The first method involves pinging the LAN broadcast address.
To find out the broadcast address of the local network:
$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 01:1B:6B:D8:B1:26 inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70324 errors:0 dropped:0 overruns:0 frame:0 TX packets:69429 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:28758708 (27.4 MiB) TX bytes:9680092 (9.2 MiB) Interrupt:177 Base address:0xdc00
From the ifconfig output, we determine that the broadcast address is 192.168.0.255. Now, we ping the broadcast address.
$ ping -b -c 3 -i 20 192.168.0.255
WARNING: pinging broadcast addressPING 192.168.0.255 (192.168.0.255) 56(84) bytes of data.64 bytes from 192.168.0.100: icmp_seq=1 ttl=64 time=0.208 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=150 time=0.625 ms (DUP!)
64 bytes from 192.168.0.100: icmp_seq=2 ttl=64 time=0.218 ms64 bytes from 192.168.0.1: icmp_seq=2 ttl=150 time=0.646 ms (DUP!)
64 bytes from 192.168.0.100: icmp_seq=3 ttl=64 time=0.217 ms--- 192.168.0.255 ping statistics ---3 packets transmitted, 3 received, +2 duplicates, 0% packet loss, time 39998msrtt min/avg/max/mdev = 0.208/0.382/0.646/0.207 ms
Note that:
-b is required in order to ping a broadcast address.
-c is the count (3) of echo requests (pings) it will send.
-i specifies the interval in seconds between sending each packet. You need to specify an interval long enough to give all the hosts in your LAN enough time to respond.
The ping method does not guarantee that all systems connected to the LAN will be found. This is because some computers may be configured NOT to reply to broadcast queries, or to ping queries altogether.
The second method uses nmap. While nmap is better known for its port scanning capabilities, nmap is also very dependable for host discovery.
You can run nmap as either a non-root user, or root. nmap will only give non-root users the IP address of any host found.
$ nmap -sP 192.168.0.1-254
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-19 17:02 PDTHost 192.168.0.1 appears to be up.Host 192.168.0.100 appears to be up.Host 192.168.0.103 appears to be up.Nmap finished: 254 IP addresses (3 hosts up) scanned in 2.507 seconds
If you run nmap as root, you will also get the MAC address:
$ nmap -sP 192.168.0.1-254
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-19 18:06 PDTHost 192.168.0.1 appears to be up.MAC Address: 03:05:6D:2D:87:B3 (The Linksys Group)Host 192.168.0.100 appears to be up.MAC Address: 00:07:95:A9:3A:77 (Elitegroup Computer System Co. (ECS))Host 192.168.0.103 appears to be up.Nmap finished: 254 IP addresses (3 hosts up) scanned in 5.900 seconds
-sP instructs nmap to only perform a ping scan to determine if the target host is up; no port scanning or operating system detection is performed.
By default, the -sP option causes nmap to send an ICMP echo request and a TCP packet to port 80.
Using either ping or nmap, you can find out what machines are connected to your LAN.
You can use ping or nmap to find out what machines are currently on the local network.
The first method involves pinging the LAN broadcast address.
To find out the broadcast address of the local network:
$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 01:1B:6B:D8:B1:26 inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70324 errors:0 dropped:0 overruns:0 frame:0 TX packets:69429 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:28758708 (27.4 MiB) TX bytes:9680092 (9.2 MiB) Interrupt:177 Base address:0xdc00
From the ifconfig output, we determine that the broadcast address is 192.168.0.255. Now, we ping the broadcast address.
$ ping -b -c 3 -i 20 192.168.0.255
WARNING: pinging broadcast addressPING 192.168.0.255 (192.168.0.255) 56(84) bytes of data.64 bytes from 192.168.0.100: icmp_seq=1 ttl=64 time=0.208 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=150 time=0.625 ms (DUP!)
64 bytes from 192.168.0.100: icmp_seq=2 ttl=64 time=0.218 ms64 bytes from 192.168.0.1: icmp_seq=2 ttl=150 time=0.646 ms (DUP!)
64 bytes from 192.168.0.100: icmp_seq=3 ttl=64 time=0.217 ms--- 192.168.0.255 ping statistics ---3 packets transmitted, 3 received, +2 duplicates, 0% packet loss, time 39998msrtt min/avg/max/mdev = 0.208/0.382/0.646/0.207 ms
Note that:
-b is required in order to ping a broadcast address.
-c is the count (3) of echo requests (pings) it will send.
-i specifies the interval in seconds between sending each packet. You need to specify an interval long enough to give all the hosts in your LAN enough time to respond.
The ping method does not guarantee that all systems connected to the LAN will be found. This is because some computers may be configured NOT to reply to broadcast queries, or to ping queries altogether.
The second method uses nmap. While nmap is better known for its port scanning capabilities, nmap is also very dependable for host discovery.
You can run nmap as either a non-root user, or root. nmap will only give non-root users the IP address of any host found.
$ nmap -sP 192.168.0.1-254
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-19 17:02 PDTHost 192.168.0.1 appears to be up.Host 192.168.0.100 appears to be up.Host 192.168.0.103 appears to be up.Nmap finished: 254 IP addresses (3 hosts up) scanned in 2.507 seconds
If you run nmap as root, you will also get the MAC address:
$ nmap -sP 192.168.0.1-254
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-19 18:06 PDTHost 192.168.0.1 appears to be up.MAC Address: 03:05:6D:2D:87:B3 (The Linksys Group)Host 192.168.0.100 appears to be up.MAC Address: 00:07:95:A9:3A:77 (Elitegroup Computer System Co. (ECS))Host 192.168.0.103 appears to be up.Nmap finished: 254 IP addresses (3 hosts up) scanned in 5.900 seconds
-sP instructs nmap to only perform a ping scan to determine if the target host is up; no port scanning or operating system detection is performed.
By default, the -sP option causes nmap to send an ICMP echo request and a TCP packet to port 80.
Using either ping or nmap, you can find out what machines are connected to your LAN.
Sunday, August 2, 2009
Fighting Spam in Lotus Domino
Fighting spam requires that not only your servers be configured to fight spam but your end users understand how to not cause spam to be generated in the first place. In Domino the first and most important thing to eliminate spam is to deny relaying on the server. A relay is SMTP server that allows any e-mailer to route messages through your server to a foreign destination. Being an open relay can not only cause your server to be flooded with emails, but can get your company blacklisted from receiving emails by your customers and business associates.
To check if you are an open relay is very simple. In Windows XP, you can open the command prompt window and telnet to your mail server on port 25 by issuing the following command. Note that you should use the hostname or IP address of your Domino SMTP server. This is a good way to test SMTP issues you may be having too so pay attention !
C:\>telnet smtpserver.yourdomain.com 25
After you issue the command you should receive a response that looks like:
220 smtpserver.yourdomian.com ESMTP Service (Lotus Domino Release 5.0.9a) ready at Fri, 15 Mar 2002 10:44:02 -0500
At the prompt, issue the helo command to identify your domain. For our relay test, you will want to use a fictitious outside domain, such as test.com. You should receive a response as follows:
helo test.com
250 smtpserver.yourdomain.com Hello test.com ([127.0.0.1]), pleased to meet you
Next, you will type the mail from: command to identify the senders email address. I usually use test@test.com. Make sure that this email address uses the same domain in your helo command. You will receive a 250 response that your sender is OK.
mail from:test@test.com
250 test@test.com... Sender OK
Afterwards you want to identify your recipient with a rcpt to: command. Here is where you will see if you’re an open relay in Domino. In my example, I am coming in from the domain test.com and sending to the domain yahoo.com. The message is not intended for a recipient on your server, thus I am relaying a message to yahoo.com.
rcpt to:test@yahoo.com
250 test@yahoo.com... Recipient OK
If you get a Recipient OK response, you are an open relay! You should receive a response like this if you are not allowing relays:
rcpt to:test@yahoo.com
554 Relay rejected for policy reasons.
You will also get a message in your Log file under Miscellaneous Events to alert you if a spamer is trying to relay through your server:
03/15/2002 11:04:25 AM SMTP Server [0C90:0004-0BD8] Attempt to relay mail to test@yahoo.com rejected for policy reasons. Relays to recipient's domain denied in your configuration.
There may be many a reason though you are an open relay:
1. You have other applications in your environment that generate SMTP messages and relay them through your SMTP servers.
2. You have POP and\or IMAP users that need to send outbound SMTP messages through your server.
3. You have other SMTP servers behind your firewall in your environment and they use your Domino server to send messages to the outside world.
If you have no reason for any servers to relay through your Domino servers and have no outside POP\IMAP users, you can simply deny relaying as follows:
1. In your Domino Directory (NAB), under the Configurations view open the configuration document for your SMTP server. If you do not have one, create a new one for your SMTP server.
2. Click the Router\SMTP tab, click the Restrictions and Controls tab finally the SMTP Inbound Controls tab. You should be looking at the following screen:
3. There are two Deny messages fields. By placing a * in the field, you are blocking any type of relaying through the Domino server
4. If you have servers that need to relay through your SMTP server, add the IP addresses or hostnames to the Allow field. Note that you will not need the * in the deny fields if you use an allow field, since you are only allowing specific servers. If you use IP addresses here, you will need to put them in [brackets].
If you do have POP\IMAP users and need to have an open relay, you can do 2 things to prevent relays. You can either list all of your POP\IMAP users as users allowed to relay through your domain by adding them to the Inbound Sender Controls on the SMTP Inbound Controls Tab of the configuration document. Obviously, this would be very hard task to administer in a large POP\IMAP domain, and wildcards do not work here.
In order to get around this, you should setup a separate server that authenticates SMTP inbound connections. This is done in the server document under the Ports\Internet Ports\Mail tab for your server.
Under the SMTP Inbound section, you should disable Anonymous connections and enable Name & Password authentication. In your POP\IMAP client, you would then check the option for SMTP server authentication, and use the same username and password that you use to download your mail (a username and internet password in the user’s person document).
See your POP\IMAP client documentation to get more information about authentication with a SMTP server. By enabling this field, you are now requiring anyone who wants to relay to know a username and password on the system. The reason that you cannot do this for your primary SMTP server is that all SMTP servers would have to authenticate with you.
It would be impossible to have every SMTP server that ever connects to your server given an account on your system. Now that we have closed down relays, is there anything else that can be done to prevent spam? Yes there is. If you have a low traffic domain and you can afford the overhead, you can enable a reverse DNS lookup of all incoming messages. In Domino, there are two fields that can do this in the SMTP inbound control tab.
By verifying the connecting hostname, you are asking Domino to verify that the hostname that the sender is using. By verifying the sender's domain, Domino looks at the domain in the Mail From command and sees if it a legitimate domain. The problem that this can cause is that they add overhead to the server by having to verify all SMTP messages that come inbound.
Another issue is that a company who does not have there DNS configured properly or uses a proprietary SMTP load balancing system (like aol.com) may cause Domino to block legitimate email. Finally there is one other setting you can use in Domino. In the configuration document of your SMTP server under the Router\SMTP tab under the Basics tab your have a field called Address Lookup.
You have 3 choices in the drop down box: Fullname then Localpart, Fullname only, Localpart only. The Default is Fullname the Localpart. This setting is similar to the SMTP_EXACT_MATCH_ALL=1 in Domino 4.6. For example, we have a user called Tony Soprano. In the $Users view (a hidden view in the Domino Directory), your name is listed in many variations.
For example, in Domino if a user has a unique first or last name, Domino will deliver to them. While this is a good feature, it allows spamer's to randomly generate emails to your domain and hoping that a few will get delivered. If Tony is an end user and he has the internet address field populated in the person document with tsoprano@domain.com and a shortname of tsoprano, only the following addresses would get delivered:
Tony.soprano@domain.com
Tony_soprano@domain.com
tsoprano@domain.com
The following would not work with Fullname only enabled:
t.soprano@domain.com
tony.s@domain.com
soprano@domain.com
tony@domain.com
As you can see, this will limit only exact fullname matches to get delivered, and would not allow a spammer to send to A-Z.smith@domain.com and get spam into your domain. Even with top of line servers, blacklists and tight Domino controls, spam is an issue that needs to fought with educated end users. Here are some policies and procedures that you should follow to help cut down on spam traffic.
1. Never use company mail for personal use. Tell end users to use a web based mail system (like Yahoo or Hotmail) or an ISP email account for any non work related emails.
2. Never respond to a spam message, or click the “Remove me from this list” link in the message. I have even seen network admins fall for this. Do you realize that by clicking this you have just increased the value of your email address to a spamer? Your address is now a verified address and gets sold at a premium by spamers!
3. Never use your work email address on a public message board or news group. spamers have software that can collect these addresses and use them to send you spam.
4. Create a mail-in DB in Notes that users can forward spam to so you can collect spam messages.
It is my personal recommendation that you use a SendMail server as your primary SMTP server that Domino relays all mail through. While Domino can handle the traffic, it does not have the features that SendMail offers you to control spam and filter messages. Luckily in Domino 6, there will be some new and exciting features to help control spam. Domino 6 already features blacklist support and rules to control message handling. So far my testing has been very promising with these new features, and I am still hoping for even more with the Gold release. Stay tune for an upcoming article on the new features in Domino 6 for fighting spam!
To check if you are an open relay is very simple. In Windows XP, you can open the command prompt window and telnet to your mail server on port 25 by issuing the following command. Note that you should use the hostname or IP address of your Domino SMTP server. This is a good way to test SMTP issues you may be having too so pay attention !
C:\>telnet smtpserver.yourdomain.com 25
After you issue the command you should receive a response that looks like:
220 smtpserver.yourdomian.com ESMTP Service (Lotus Domino Release 5.0.9a) ready at Fri, 15 Mar 2002 10:44:02 -0500
At the prompt, issue the helo command to identify your domain. For our relay test, you will want to use a fictitious outside domain, such as test.com. You should receive a response as follows:
helo test.com
250 smtpserver.yourdomain.com Hello test.com ([127.0.0.1]), pleased to meet you
Next, you will type the mail from: command to identify the senders email address. I usually use test@test.com. Make sure that this email address uses the same domain in your helo command. You will receive a 250 response that your sender is OK.
mail from:test@test.com
250 test@test.com... Sender OK
Afterwards you want to identify your recipient with a rcpt to: command. Here is where you will see if you’re an open relay in Domino. In my example, I am coming in from the domain test.com and sending to the domain yahoo.com. The message is not intended for a recipient on your server, thus I am relaying a message to yahoo.com.
rcpt to:test@yahoo.com
250 test@yahoo.com... Recipient OK
If you get a Recipient OK response, you are an open relay! You should receive a response like this if you are not allowing relays:
rcpt to:test@yahoo.com
554 Relay rejected for policy reasons.
You will also get a message in your Log file under Miscellaneous Events to alert you if a spamer is trying to relay through your server:
03/15/2002 11:04:25 AM SMTP Server [0C90:0004-0BD8] Attempt to relay mail to test@yahoo.com rejected for policy reasons. Relays to recipient's domain denied in your configuration.
There may be many a reason though you are an open relay:
1. You have other applications in your environment that generate SMTP messages and relay them through your SMTP servers.
2. You have POP and\or IMAP users that need to send outbound SMTP messages through your server.
3. You have other SMTP servers behind your firewall in your environment and they use your Domino server to send messages to the outside world.
If you have no reason for any servers to relay through your Domino servers and have no outside POP\IMAP users, you can simply deny relaying as follows:
1. In your Domino Directory (NAB), under the Configurations view open the configuration document for your SMTP server. If you do not have one, create a new one for your SMTP server.
2. Click the Router\SMTP tab, click the Restrictions and Controls tab finally the SMTP Inbound Controls tab. You should be looking at the following screen:
3. There are two Deny messages fields. By placing a * in the field, you are blocking any type of relaying through the Domino server
4. If you have servers that need to relay through your SMTP server, add the IP addresses or hostnames to the Allow field. Note that you will not need the * in the deny fields if you use an allow field, since you are only allowing specific servers. If you use IP addresses here, you will need to put them in [brackets].
If you do have POP\IMAP users and need to have an open relay, you can do 2 things to prevent relays. You can either list all of your POP\IMAP users as users allowed to relay through your domain by adding them to the Inbound Sender Controls on the SMTP Inbound Controls Tab of the configuration document. Obviously, this would be very hard task to administer in a large POP\IMAP domain, and wildcards do not work here.
In order to get around this, you should setup a separate server that authenticates SMTP inbound connections. This is done in the server document under the Ports\Internet Ports\Mail tab for your server.
Under the SMTP Inbound section, you should disable Anonymous connections and enable Name & Password authentication. In your POP\IMAP client, you would then check the option for SMTP server authentication, and use the same username and password that you use to download your mail (a username and internet password in the user’s person document).
See your POP\IMAP client documentation to get more information about authentication with a SMTP server. By enabling this field, you are now requiring anyone who wants to relay to know a username and password on the system. The reason that you cannot do this for your primary SMTP server is that all SMTP servers would have to authenticate with you.
It would be impossible to have every SMTP server that ever connects to your server given an account on your system. Now that we have closed down relays, is there anything else that can be done to prevent spam? Yes there is. If you have a low traffic domain and you can afford the overhead, you can enable a reverse DNS lookup of all incoming messages. In Domino, there are two fields that can do this in the SMTP inbound control tab.
By verifying the connecting hostname, you are asking Domino to verify that the hostname that the sender is using. By verifying the sender's domain, Domino looks at the domain in the Mail From command and sees if it a legitimate domain. The problem that this can cause is that they add overhead to the server by having to verify all SMTP messages that come inbound.
Another issue is that a company who does not have there DNS configured properly or uses a proprietary SMTP load balancing system (like aol.com) may cause Domino to block legitimate email. Finally there is one other setting you can use in Domino. In the configuration document of your SMTP server under the Router\SMTP tab under the Basics tab your have a field called Address Lookup.
You have 3 choices in the drop down box: Fullname then Localpart, Fullname only, Localpart only. The Default is Fullname the Localpart. This setting is similar to the SMTP_EXACT_MATCH_ALL=1 in Domino 4.6. For example, we have a user called Tony Soprano. In the $Users view (a hidden view in the Domino Directory), your name is listed in many variations.
For example, in Domino if a user has a unique first or last name, Domino will deliver to them. While this is a good feature, it allows spamer's to randomly generate emails to your domain and hoping that a few will get delivered. If Tony is an end user and he has the internet address field populated in the person document with tsoprano@domain.com and a shortname of tsoprano, only the following addresses would get delivered:
Tony.soprano@domain.com
Tony_soprano@domain.com
tsoprano@domain.com
The following would not work with Fullname only enabled:
t.soprano@domain.com
tony.s@domain.com
soprano@domain.com
tony@domain.com
As you can see, this will limit only exact fullname matches to get delivered, and would not allow a spammer to send to A-Z.smith@domain.com and get spam into your domain. Even with top of line servers, blacklists and tight Domino controls, spam is an issue that needs to fought with educated end users. Here are some policies and procedures that you should follow to help cut down on spam traffic.
1. Never use company mail for personal use. Tell end users to use a web based mail system (like Yahoo or Hotmail) or an ISP email account for any non work related emails.
2. Never respond to a spam message, or click the “Remove me from this list” link in the message. I have even seen network admins fall for this. Do you realize that by clicking this you have just increased the value of your email address to a spamer? Your address is now a verified address and gets sold at a premium by spamers!
3. Never use your work email address on a public message board or news group. spamers have software that can collect these addresses and use them to send you spam.
4. Create a mail-in DB in Notes that users can forward spam to so you can collect spam messages.
It is my personal recommendation that you use a SendMail server as your primary SMTP server that Domino relays all mail through. While Domino can handle the traffic, it does not have the features that SendMail offers you to control spam and filter messages. Luckily in Domino 6, there will be some new and exciting features to help control spam. Domino 6 already features blacklist support and rules to control message handling. So far my testing has been very promising with these new features, and I am still hoping for even more with the Gold release. Stay tune for an upcoming article on the new features in Domino 6 for fighting spam!
Thursday, July 30, 2009
Using a USB external hard disk for backup with linux/Unix
In this article, I show how I set up a recently purchased USB external hard disk drive as a backup drive for my Linux desktop PC. I'll delete the default FAT32 partition, create a new partition, make a reiserfs filesystem, and show how to use rsync to backup your important data.
1. Partition the disk
I prefer reiserfs (Reiser 3). I know I'll never need to backup a Windows machine since I don't do Windows, so putting up with the inadequacies of FAT32 is simply not required. You may wish to rethink which fileystem to go for, or perhaps a different partitioning strategy if you have a seperate Windows PC. I'm going to go for a single large Reiser 3 partition. To do this, I first need to use cfdisk to delete the old partition and create a new one. You will probably need root access or sudo for this, depending on how your system is configured.
# cfdisk /dev/sdb
a. A FAT32 partition. Let's get rid of it and then see what we have left. Select [ Delete ] from the menu.
b. Right, nothing left. Time to create a new partition. This will be a primary partition, and I'll only make one - this whole disk is for backups. Select [ New ], [Primary] to create a new primary partition. Accept the default size offered, which should be all the disk space available.
c. Now write the new partition table to disk.
d. Type yes and enter to continue
e. You should now be able to [ Quit ].
So to recap, I've created a single primary Linux partition, using all the available disk space on my USB drive.
2. Creating a new filesystem
1. Now to create our filesystem of choice. I'll be using reiserfs, you can choose ext3 or whichever you want.
# /sbin/mkreiserfs /dev/sdb1
3. Running the backup
The command I now use for backing up my department directory in /dept partition
# cd /media/usbdisk/
# mkdir department
# cd /root/
# rsync -vrlptg /dept/department /media/usbdisk/department
4. Running the restore
# rsync -vrlptg /media/usbdisk/department /dept/department
1. Partition the disk
I prefer reiserfs (Reiser 3). I know I'll never need to backup a Windows machine since I don't do Windows, so putting up with the inadequacies of FAT32 is simply not required. You may wish to rethink which fileystem to go for, or perhaps a different partitioning strategy if you have a seperate Windows PC. I'm going to go for a single large Reiser 3 partition. To do this, I first need to use cfdisk to delete the old partition and create a new one. You will probably need root access or sudo for this, depending on how your system is configured.
# cfdisk /dev/sdb
a. A FAT32 partition. Let's get rid of it and then see what we have left. Select [ Delete ] from the menu.
b. Right, nothing left. Time to create a new partition. This will be a primary partition, and I'll only make one - this whole disk is for backups. Select [ New ], [Primary] to create a new primary partition. Accept the default size offered, which should be all the disk space available.
c. Now write the new partition table to disk.
d. Type yes and enter to continue
e. You should now be able to [ Quit ].
So to recap, I've created a single primary Linux partition, using all the available disk space on my USB drive.
2. Creating a new filesystem
1. Now to create our filesystem of choice. I'll be using reiserfs, you can choose ext3 or whichever you want.
# /sbin/mkreiserfs /dev/sdb1
3. Running the backup
The command I now use for backing up my department directory in /dept partition
# cd /media/usbdisk/
# mkdir department
# cd /root/
# rsync -vrlptg /dept/department /media/usbdisk/department
4. Running the restore
# rsync -vrlptg /media/usbdisk/department /dept/department
Singapore: Press Freedom and Human Rights?
Since Singapore's independence (Independence from Malaysia? or British?) the Peoples Action Party (PAP)(not DAP) under the reign of Mr. Lee Kuan Yew has won every election so far, it is quite sure that they will win on every election. They announced to run for a clean sweep: they want to will all of the 84 seats in parliament (they held 82 before). Around election time, it is not uncommon, that opposition politicians face libel suits (that would both deprive them from funds and the right to stand in an election).
The mainstream press has been accused to biased in favour of the government, (political) video and podcasting has been banned during elections, hot election topics become part of a law suite (so it becomes an offence to blame anybody) and senior politicians threaten voters that the executive (which should be apolitical by definition) would neglect them once they vote for the opposition. Also the opposition is not very strong in numbers, they can't field a team to contest all 84 seats. No wonder that besides a low record on press freedom, Singapore doesn't score well on the Asia Democracy Index either. Nevertheless, it seems this election seems to get a little more interesting than before:
First of all, for the first time since 1988 the opposition fields enough candidates to contest more than half of the seats, so the PAP didn't return to power on nomination day (which is only a few days before the elections to shorten the campaign time, which otherwise could dent Singapore's productivity). The opposition dares to contest the electorate run by the prime minister The team is young and unknown, so any vote for them rather counts as a vote of no confidence for the incumbent prime minister Lee Hsien Long (son of Lee Kuan Yew --- anybody thinking it could be this, better gets ready for a libel suit). But the most surprising fact, since very little is found in our local press: the opposition seems to enjoy quite some support . The new Public Order Act (POA) gives power to the police to tell even one person to move on because he has now been defined as an assembly. It is explained that this POA is to prevent destabilising street protests seen in Thailand and terrorist attacks such as Mumbai.
Internet Filtering In Singapore: Case Study
I'm wondering on how Singapore government control on press coverage and internet access in direct or indirectly. Based on the researched by University of Toronto, Harvard Lawschool and the University of Cambridge who jointly run the OpenNet Initiative. From their objective: "The ONI mission is to investigate and challenge state filtration and surveillance practices. Our approach applies methodological rigor to the study of filtration and surveillance blending empirical case studies with sophisticated means for technical verification. Our aim is to generate a credible picture of these practices at a national, regional and corporate level, and to excavate their impact on state sovereignty, security, human rights, international law, and global governance." Their latest research paper sheds a light on Internet filtering in Singapore. In a nutshell: filtering does barely happen on a technical level but mostly in the heads of people. There are some compelling reasons for this "scissors in the head", but read for yourself.
The mainstream press has been accused to biased in favour of the government, (political) video and podcasting has been banned during elections, hot election topics become part of a law suite (so it becomes an offence to blame anybody) and senior politicians threaten voters that the executive (which should be apolitical by definition) would neglect them once they vote for the opposition. Also the opposition is not very strong in numbers, they can't field a team to contest all 84 seats. No wonder that besides a low record on press freedom, Singapore doesn't score well on the Asia Democracy Index either. Nevertheless, it seems this election seems to get a little more interesting than before:
First of all, for the first time since 1988 the opposition fields enough candidates to contest more than half of the seats, so the PAP didn't return to power on nomination day (which is only a few days before the elections to shorten the campaign time, which otherwise could dent Singapore's productivity). The opposition dares to contest the electorate run by the prime minister The team is young and unknown, so any vote for them rather counts as a vote of no confidence for the incumbent prime minister Lee Hsien Long (son of Lee Kuan Yew --- anybody thinking it could be this, better gets ready for a libel suit). But the most surprising fact, since very little is found in our local press: the opposition seems to enjoy quite some support . The new Public Order Act (POA) gives power to the police to tell even one person to move on because he has now been defined as an assembly. It is explained that this POA is to prevent destabilising street protests seen in Thailand and terrorist attacks such as Mumbai.
Internet Filtering In Singapore: Case Study
I'm wondering on how Singapore government control on press coverage and internet access in direct or indirectly. Based on the researched by University of Toronto, Harvard Lawschool and the University of Cambridge who jointly run the OpenNet Initiative. From their objective: "The ONI mission is to investigate and challenge state filtration and surveillance practices. Our approach applies methodological rigor to the study of filtration and surveillance blending empirical case studies with sophisticated means for technical verification. Our aim is to generate a credible picture of these practices at a national, regional and corporate level, and to excavate their impact on state sovereignty, security, human rights, international law, and global governance." Their latest research paper sheds a light on Internet filtering in Singapore. In a nutshell: filtering does barely happen on a technical level but mostly in the heads of people. There are some compelling reasons for this "scissors in the head", but read for yourself.
Wednesday, July 29, 2009
Follow the Leader - Put Linux on your server!
According to Microsoft's Steve Ballmer: "Forty percent of servers run Windows, 60 percent run Linux" (I presume he is talking about the x86 based servers, not the whole server market). So sticking to the popular strategy " Follow the leader" it is time to kick out that Windows servers. Of course together with IIS, since that is trailing Apache HTTP for quite some time now. While you are on it, check out IBM's Open Client and get your desktop some Suse, Redhat or Ubuntu.
Who uses Lotus Notes and Domino
In case you missed it. Volker is sick of the various claims on market share Exchange/Outlooks vs. Notes/Domino. So he took matters in his own hands and created a Wiki page to harness collective knowledge to answer that question. Of course it is an apple vs. [fill-in-your-favorite-fruit] comparison and the list already shows that there are quite a number of shops that run both and/or run Exchange for messaging and have Notes applications. I still believe that Exchange is the accepted collateral damage for a decision to use Outlook for eMail, but I'm openly biased of course. I guess it is a question of time until someone adds pages to that wiki for government agencies or companies in general (can that wiki autosort a list?).Go check it out yourself. The invite key you need is "that is the question "
Subscribe to:
Posts (Atom)