Skip to content

Amazon Spam

Sometimes spam is amusing. Email address and actual links elided, but the rest is as it arrived in my inbox:

Thanks for your order, my email address

Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

Order Information:

E-mail Address:  my email address
Order Grand Total: $ 97.99

Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

Order Summary:
Details:
Order #: 	D99-2665292-8925183
Subtotal of items: 	$ 82.99
	------
Total before tax: 	$ 29.99
Sales Tax: 	$ 0.00
	------
Total for this Order: 	$ 47.99

The following item was ordered:
	Click here and see items, Price: $ 48.99
By: Click here
Sold by: Amazon Digital Services, Inc.

I particularly like the way none of the numbers bear any relationship to each other, except for ending in “.99″.

Tagged ,
2010 07 24 General Comments (1) Permalink

Google Apps and Google Docs

For small companies, like my one-person consulting shop and many of my clients, using Google Apps is an obvious solution to the problem of email and sharing documents and calendars. The standard edition is usually enough, which makes it free as well. So far email also seems to be delivered more quickly than through my old website host.

The most complicated part of setting up Google Apps is configuring the DNS correctly; that’s the subject of another post. The most confusing part of using it, however, continually bites and until Google fixes it (and I can’t imagine they’re not aware of the problem), will continue to annoy.

Here’s the issue. I signed up for a Google account (docs, primarily) using my standard email address. Then I set up a Google Apps account for Textuality where I have the same email address, and a Google Apps version of documents, calendar, etc. I now have two Google accounts with the same email address, different passwords, different URLs to log into at, and they show different contents. If someone shares a document with me using my standard email address, it sometimes shows up in the non-Apps account, and sometimes in the Apps account, and occasionally in both. I have yet to figure out the algorithm by which the Google documents sharing mechanism decides which account (with the same email address, remember) gets which document.

I’m sure (or at least hope) that Google will fix the problem eventually. In the meantime, it’s something to be aware of.

2010 04 05 Technology Comments (3) Permalink

More mod_security

After I wrote my piece about mod_security, the people at Packt Publishing offered me a copy of their book ModSecurity 2.5, with the proviso that I review it. This sounded like a reasonable idea to me.

Overall, I would recommend the book to people who are running Apache and need to know more about relatively simple ways to add security to their web sites. The book motivates the use of mod_security and convinced me that anyone hosting a web site should have it installed, ready to deal with any problems you encounter. The book goes through common scenarios and what mod_security can do to deal with them, including recent events such as an attack on Twitter in April 2009. All the examples are explained clearly, and the rule configurations will look familiar if you’ve had some practice writing either RewriteEngine directives or httpd.conf vhost configurations. It also shows how to send alert emails or count the number of times a file has been downloaded, which I thought were nice additions.

As is the case with any security systems, there are layers upon layers of things you can do, and the book includes quite a few that I think are overkill unless you suspect you’re being targeted for some reason (such as financial or controversial sites). If you do have one of those sites, the chapter on blocking common attacks alone could save a lot of pain. Many of the common attacks are covered (SQL injection, XSS, etc.), along with ways to combat them.

The book includes instructions on installing a couple of GUI tools to help monitor incidents; I didn’t have time to install all of these given the OpenSolaris/Linux differences and it’s less important for me given the fact I’m not running sites that are likely to be attacked (my high-bandwidth sites are on commercial hosting). If you’re running important web sites, you’d probably want to set up these tools to work properly to save hunting through log files yourself.

I tested a few things out on the OpenSolaris box in the basement; getting it installed was a little different to the book (which is written mostly assuming a Linux web stack).

mod_security is installed with 2009.06 version of the OpenSolaris web stack, but not active. To activate: pfexec cp /etc/apache2/2.2/samples-conf.d/security2.conf /etc/apache2/2.2/conf.d/security2.conf. Restart the server with svcadm restart apache22 and check that mod_security is installed by seeing if the logs are available under /var/apache2/2.2/logs. You can also check if the module is loaded by creating and executing a phpinfo file.

2010 01 29 Technology Comments (1) Permalink

Bluetooth (Time) Sync

One of the annoying things about moving to the 64-bit Windows 7 is that Palm decided not to support USB synchronization. Since my phone/PDA is a Treo 680, that’s a nuisance. In theory, I can sync via bluetooth. In practice, it’s not as easy as it used to be.

First off, I had to get a bluetooth-USB dongle to use with my desktop PC. I plugged it in, Windows found it and installed the driver. That much worked. The page linked to above shows the steps to go through to enable the bluetooth synchronization with the Treo; following those steps worked just fine (although s-l-o-w-l-y) the first time. And then it stopped working, with an error message “unable to initiate hotsync operation because the port is in use by another application”.

I tried unplugging the bluetooth device, disabling it, nothing worked. I then foolishly installed the software that came with the device, which was a bad mistake, as it made everything bluetooth-related stop working. And even though I tried to uninstall it afterwards, nothing worked.

I used Glary utilities to clean the registry, it found a lot of entries that CCleaner, my previously favourite registry cleaner didn’t. Result: supposedly a cleaner registry, but no joy on the bluetooth device settings.

Poking around on the web uncovered this, and since websites have a habit of disappearing, taking their useful information with them, I’m going to take the liberty of rewriting the salient points here.

Unplug the device. Go to the control panel, then search for “services”. From the Services window, browse the list of services and find the Bluetooth Support Service, and double-click the entry. Select Automatic from the Startup type and then click OK. Plug the device back in.

This at least meant that I could access the settings on the bluetooth device, which was an advance, even if I still couldn’t hotsync. In the end, I discovered that if I added another couple of COM ports, that the Treo would hotsync. Slowly, of course. And the next time I wanted to sync, I had to delete all the COM ports that the bluetooth dongle knew about, and add another.

My next phone/PDA will come from a company that does allow USB synchronization. On present form, it looks like it won’t come from Palm.

2010 01 27 Technology Comments (2) Permalink

Moving to Windows 7 – Part Two

After the previous set of Windows 7 adventures, I discovered that the box I bought doesn’t support hardware-assisted virtualisation, which is needed for the Virtual XP mode. Option 2 for the scanner: try out a separate application called VueScan, which claims to support a large number of scanners. Except for, this program needs the Canon scanner drivers to first be installed. Which don’t exist. On to the next attempt: install Virtual Box, and put Windows XP on that as a virtual machine. The problem with this was that the USB port kept claiming it was busy, and none of the various tips I found worked. Verdict: I couldn’t find a way to support the Canon 3000F scanner under Windows 7 64-bit, and will have to use my old XP laptop as a scanner driver until I have sufficient motivation to buy a new scanner.

Mind you, installing the virtualbox + Windows XP combo ended up being useful anyway. QuickBooks 2003 installs, but doesn’t run, under Windows 7. I gather that even the latest versions of QuickBooks have issues with Windows 7, so I simply installed the one I have in the Windows XP virtual machine. There was a bit of fiddling involved in moving data around, that involved installing the vbox guest additions and setting up shared folders, but in the end it all worked. I suspect more than a couple of programs will end up in that virtual machine.

Overall, I probably spent close to a week of work time setting up my work environment to be more or less where I was before my old PC died. It’s obvious they borrowed quite a bit from the Mac OS X environment, including hiding some of the useful functions. The menus fading in and out were starting to make me sea-sick until I found out how to turn that off (Control Panel -> System and Security -> System -> Advanced -> Performance Settings). I’m sure I’ll find more issues as I get more used to the environment, along with more programs that won’t install or work. Fortunately cygwin does work under Windows 7, along with Office 2003 (which I need for client compatability).

2010 01 25 Technology Comments (0) Permalink

Memories of Sun

The EU has approved, the Sun/Oracle deal all but done, waiting for China and Russia. James Gosling’s post shows the poignant side. How long, I wonder, will the blogs.sun.com website still be available? How long to give space to memories and reminders?

Some of my own memories of Sun, in roughly timeline order:

Working on the Sun booth at CeBiT in Germany (I was working for a Sun reseller at the time). Watching the US marketing video at the after-closing party, since the German marketing team decided the video wasn’t appropriate. I still have the “Power of Sun” music CD, and a scarf with images of Sun workstations.

Wondering why Sun didn’t support Motif properly, when all the other Unix vendors did.

Finding a position at Sun that made use of the skills I have.

Meetings at Menlo Park; long, involved discussions on all sorts of security and identity subjects.

Sitting outside the cafeteria at the Menlo Park office, talking to people.

The Sun-internal innovation conference, mixing intelligent, innovative, hardware, software, and operating system people together, with dinner on the beach.

The most fun I’d had at work in a long time on a good project with great people, that unfortunately fell victim to the Great Financial Crisis.

Really good people, knowledgeable. Sun seemed to have a lot of people with integrity and dedication. Also its share of less-knowledgeable posers, of course, but the trenches were filled with good people.

There are lots of memories out there; Sun was one of those companies with an influence larger than its nominal size. Those of us who were part of it, even if for a short time, won’t forget it quickly.

2010 01 21 Technology Comments (0) Permalink