XS4ALL Plans Outbound Port Filtering

A usenet posting suggests that XS4ALL will provide a filtering service to their subscribers. The filter would consist of 5 levels. Ranging from fully open to 'fully' closed. The first will give you the possibility of running your own services at home, and the latter means you're only able to e.g. surf and e-mail (through the XS4ALL SMTP server).

The filters would give the basic/ignorant user the opportunity of preventing the spreading of malware and other stuff by default. The more tech savvy subscribers can remove the filter for running a bunch of services (webserver, ftp, mail, DNS, etc).

Definitely a good decision. I just hope that the other ISP's will do something similar, because most of the virus/malware/massmailing 'software' is running on PC's run by the average user. Totally ignorant of the malware running on their PC's.

Yet another 'thumbs up' for the quality provider of the Netherlands

Posted on August 13, 2008 by Willem and filed under Internet, News, Security and tagged port filtering xs4all.

Full Disk Encryption for the Mac

Checkpoint acquired a company called PointSec a while ago. This company made full hard disk encryption software for Windows. Now, Checkpoint has released a hard disk encryption version for the Mac. I guess they are taking OSX seriously.

Disk encryption is available today for the Mac (TrueCrypt, PGP), but these aren't able to encrypt the boot partition. Only partitions are by the use of containers. This type of software was available to Windows only primarily.

Now that the 'trick' has been done, I guess more will follow.

I do wonder if it's still possible to use SuperDuper for cloning a bootdisk....

Posted on June 3, 2008 by Willem and filed under Apple, News, Operating Systems, Security, Switched2Mac and tagged Encryption Mac OSX PGP TrueCrypt checkpoint pointsec.

OpenSSH Vulnerabilities

It seems that public key authentication isn't as save as you might have thought. That is if you're using a Debian based OpenSSH solution. This package can be found in many Linux distributions like;

Debian (duh ;) )
Ubuntu
Kubuntu
etc.

The problem is that the random number generator (which is of vital importance in generating key-pairs) isn't as random as you might think. It seems that there are only about 30.000 combinations in this specific generator. This leaves the door wide open for brute-force attacks.

So, the first you must do is update your OpenSSH software, and generate new keypairs for all devices / users which might have keys which were generated with the vulnerable OpenSSH software. Softwarepackages depending on OpenSSH are;

OpenVPN
DNSSEC
OpenSSH
Certificates used in TLS connections
etc.

More info on the subject can be found here [1, 2, 3].

Posted on May 20, 2008 by Willem and filed under Linux, News, Security, Software and tagged Debian OpenSSH PKI vulnerability.

A Slow Week

Biggest (techno) news in the Netherlands was probably the failure of the Internet. The largest ATM Internet backbone massively failed in the Netherlands. This resulted in thousands of people without any Internet access for 1-3 days.
Currently the problems are temporarily patched, but they are still on high alert.

For the first time I wasn't affected. Normally this only occurs to me.

Purely coincidentally, I found a South Park episode (s12e06/Over Logging) in which the Internet fails. This results in mayhem in South Park (just like it did over here).

Furthermore, I drove 170 kilometer today, and it took me about 5 hours. Traffic jams due to spring rain (????) were to blame (according to the traffic information services). Basically, because people are egoistic when they're driving, and won't anticipate (when they're reading the paper, shaving, and/or applying make-up using the rear view mirror) on their surroundings.

So no Internet (for large parts of the Netherlands), and traffic jams from here to Tokyo. So 'slow' might be an understatement.

Posted on May 16, 2008 by Willem and filed under Annoying, Internet, News, Personal and tagged Internet failure slow traffic jams.

Ubuntu 'Hardy Heron' Released

As of yesterday, the latest Ubuntu release 'Hardy Heron' is available for download (both client and server). Every time a major Linux distri(bution) hits 'the shelves', the Linux community roars. With each release (Ubuntu or whatever flavor) the Linux community gets closer, and closer to Windows.

Even though the OS itself is getting better and better. It still lacks the support of decent major software like Adobe Creative Suite, etc. It's missing the software people use in every day (business)life.
Sure, there a million different ways of running Microsoft Office or Adobe Photoshop on a Linux OS, but these require a commercial piece of software (CrossOver) , or in depth knowledge of the OS to make it work (Wine in some cases). Two things that shouldn't be required. Not if you're used to Windows (or Apple's OSX). And even if you find a 'substitute' it's most likely to have an awful user experience.

The average housewife won't use Linux, because her friends all use Windows. All those nice little Windows programs, which makes life easier (or a living hell with all the mal/spyware out there). So if the Linux community wants to make a difference they need to create some sort of critical mass (by their selves, or by Microsoft screwing up) to get the attention of the 'normal' user. But in a community where there's no real (commercial) business model, it's gonna be damn hard.

Microsoft created this critical mass by playing (probably) the best marketing trick in the world; Release Windows 95, and turn a blind eye to those who use a pirated copy at home. The home users create demand on the workfloor, so businesses start to use it on their workstations. Soon everyone was addicted. And now it's damn hard to beat the addiction.

B.t.w., Apple is doing it a lot better. They created a nice and stable OS (just like the average Linux desktop distribution), BUT the OS has ALL the relevant drivers for the hardware used. ALSO they have a complete (and cheap) software suite (iLife and iWork), which is more than enough for the average family. No need to search the caverns of the Internet for software, and they look and feel the same as the OS.

So, I guess that my conclusion is that the OS is nearing perfection, but it (Linux in general) lacks good and decent third party software (and a good marketing machine :) )

In the mean time; I'm gonna upgrade my Linux (mail, web, and ssh) servers at work to 'Hardy Heron'.

Posted on April 25, 2008 by Willem and filed under Apple, Linux, Microsoft, News, Operating Systems, Personal, Software and tagged Apple Hardy Heron Linux Microsoft OSX Windows iLife iWork ubuntu software.

Awesome Screensaver

I listened to the latest 'This Week in Tech' podcast today. They mentioned a screensaver called FlickrFan. This screensaver can connect to flickr account and images to use in the screensaver. But it also downloads current Associated Press images in high quality and more. This results in awesome pictures from around the world covering the news in HIGH-RES. B.t.w. it's much more than just a screensaver, but I liked the screensaver-part best.

Posted on March 6, 2008 by Willem and filed under Apple, News, Photography, Software, Tips'n Tricks.

History Repeating

About 4 years ago (to this date), I went to the west coast of the US for a 3 week holiday. At the time there were also several forest fires. It almost seemed that the fires were following us. Everywhere we had been, things started to burn. Now, exactly 4 years later, the same thing is happening. Only difference is that I'm not in the US. So don't blame me ;-)

Posted on October 24, 2007 by Willem and filed under News, Personal.

Speed Photography in New York

And again a ridiculous law in the United States. The land of opportunities, and lame laws. Starting in August 2007, you can't be in one place for more than a half hour to make (scenic) photographs or shoot some video. This includes the setting up of your tripod etc. So no more waiting for that special sunset, or waiting for the sky to clear for that one special shot of/for your sweetheart. To make it even more ridiculous, you also need an insurance of 1 million USD if you need more time (which means you need a special permit). No doubt that this is initially intended for the professional movie makers or photographers, but there's the fear that this will be abused to harass the common man/woman/tourist. It must be very handy to have very general laws/rules, which the government can interpret as they see fit. Why don't they just pass a law which is states "It's illegal to....". In this case they can fill in the blanks whenever they want... Oh wait, they already did... The Patriot Act.

Posted on July 31, 2007 by Willem and filed under News, No Way!!!, Personal, Photography.

Reality Donor Show Was a HOAX

A couple of weeks ago, a non-commercial TV station BNN announced that they would air a live kidney donor show. The idea was that a terminal ill patient got to decide which kidney patient could get her kidney. Lot's, and lot's of people (from all over the world) thought that this was an outrage. Yesterday the show aired (even though lot's of government officials were against it). At the end of the show, it seemed that it was just a hoax. The terminally ill patient was an actrice, but the needy kidney patients were real. Reason for airing this show was to make people see that organ donation is needed (a lot). It seems that Holland has to lowest rate of organ donors in Europe. Well, they surely succeeded in raising attention to the subject. The news travelled all over the world. Personally, I've been a registered donor since 1998. They may harvest my body, when I'm dead of course, for the good of mankind. After which they may burn what's left behind. My opinion on organ donation is that someone who is a donor should have a much higher priority for receiving a donor organ. Live isn't just about taking/consuming. It's also about giving. If you're not registered as a donor... click here, and make sure you become one as soon as possible.

Posted on June 2, 2007 by Willem and filed under News, Personal.

Free Hotspot Access

You're in luck, if you have a XS4ALL Internet account. Normally, you have an hour a week free Hotspot access, and this summer you are even more lucky. XS4ALL provides over 900 free Hotspots throughout the land this summer (June, Juli, and August).

Posted on June 2, 2007 by Willem and filed under Fun, Internet, News.