
More mod_security

After I wrote my piece about mod_security, the people at Packt Publishing offered me a copy of their book ModSecurity 2.5, with the proviso that I review it. This sounded like a reasonable idea to me.

Overall, I would recommend the book to people who are running Apache and need to know more about relatively simple ways to add security to their web sites. The book motivates the use of mod_security and convinced me that anyone hosting a web site should have it installed, ready to deal with any problems you encounter. The book goes through common scenarios and what mod_security can do to deal with them, including recent events such as an attack on Twitter in April 2009. All the examples are explained clearly, and the rule configurations will look familiar if you’ve had some practice writing either RewriteEngine directives or httpd.conf vhost configurations. It also shows how to send alert emails or count the number of times a file has been downloaded, which I thought were nice additions.

As is the case with any security system, there are layers upon layers of things you can do, and the book includes quite a few that I think are overkill unless you suspect you’re being targeted for some reason (such as financial or controversial sites). If you do have one of those sites, the chapter on blocking common attacks alone could save a lot of pain. Many of the common attacks are covered (SQL injection, XSS, etc.), along with ways to combat them.

The book includes instructions on installing a couple of GUI tools to help monitor incidents; I didn’t have time to install all of these given the OpenSolaris/Linux differences and it’s less important for me given the fact I’m not running sites that are likely to be attacked (my high-bandwidth sites are on commercial hosting). If you’re running important web sites, you’d probably want to set up these tools to work properly to save hunting through log files yourself.

I tested a few things out on the OpenSolaris box in the basement; getting it installed was a little different to the book (which is written mostly assuming a Linux web stack).

mod_security is installed with the 2009.06 version of the OpenSolaris web stack, but not active. To activate it: pfexec cp /etc/apache2/2.2/samples-conf.d/security2.conf /etc/apache2/2.2/conf.d/security2.conf. Restart the server with svcadm restart apache22 and check that mod_security is active by seeing whether its logs appear under /var/apache2/2.2/logs. You can also check whether the module is loaded by creating and executing a phpinfo file.
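The activation steps above, wrapped in a small script as an added example (not from the book or the original post). The configuration and log paths are the ones given above; the apachectl location is an assumption for the OpenSolaris web stack, and the check reads the module list rather than relying on a phpinfo page.

```shell
#!/bin/sh
# Added example: enable the mod_security module shipped with the OpenSolaris
# 2009.06 web stack and verify it is actually loaded, not merely installed.
SAMPLE_CONF=/etc/apache2/2.2/samples-conf.d/security2.conf   # path from the post
ACTIVE_CONF=/etc/apache2/2.2/conf.d/security2.conf           # path from the post
LOG_DIR=/var/apache2/2.2/logs                                # path from the post
APACHECTL=/usr/apache2/2.2/bin/apachectl                     # assumed location

# modsec_loaded: given the text output of "apachectl -M", return 0 when
# security2_module (mod_security 2.x) is listed among the loaded modules.
modsec_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*security2_module'
}

# enable_modsec: copy the sample config into conf.d (unless already present),
# restart Apache through SMF, then confirm the module and its log directory.
enable_modsec() {
    if [ ! -f "$ACTIVE_CONF" ]; then
        pfexec cp "$SAMPLE_CONF" "$ACTIVE_CONF" || return 1
    fi
    pfexec svcadm restart apache22 || return 1
    modules=$("$APACHECTL" -M 2>/dev/null) || return 1
    if ! modsec_loaded "$modules"; then
        echo "security2_module is not loaded; check $ACTIVE_CONF" >&2
        return 1
    fi
    [ -d "$LOG_DIR" ] || { echo "missing log directory $LOG_DIR" >&2; return 1; }
    echo "mod_security active; logs under $LOG_DIR"
}
```

Run it as a user with the appropriate profile by calling enable_modsec; the script deliberately does nothing when merely sourced.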

Bluetooth (Time) Sync

One of the annoying things about moving to the 64-bit Windows 7 is that Palm decided not to support USB synchronization. Since my phone/PDA is a Treo 680, that’s a nuisance. In theory, I can sync via bluetooth. In practice, it’s not as easy as it used to be.

First off, I had to get a bluetooth-USB dongle to use with my desktop PC. I plugged it in, Windows found it and installed the driver. That much worked. The page linked to above shows the steps to go through to enable the bluetooth synchronization with the Treo; following those steps worked just fine (although s-l-o-w-l-y) the first time. And then it stopped working, with an error message “unable to initiate hotsync operation because the port is in use by another application”.

I tried unplugging the bluetooth device, disabling it, nothing worked. I then foolishly installed the software that came with the device, which was a bad mistake, as it made everything bluetooth-related stop working. And even though I tried to uninstall it afterwards, nothing worked.

I used Glary Utilities to clean the registry; it found a lot of entries that CCleaner, my previous favourite registry cleaner, didn’t. Result: supposedly a cleaner registry, but no joy on the bluetooth device settings.

Poking around on the web uncovered this, and since websites have a habit of disappearing, taking their useful information with them, I’m going to take the liberty of rewriting the salient points here.

Unplug the device. Go to the control panel, then search for “services”. From the Services window, browse the list of services and find the Bluetooth Support Service, and double-click the entry. Select Automatic from the Startup type and then click OK. Plug the device back in.

This at least meant that I could access the settings on the bluetooth device, which was an advance, even if I still couldn’t hotsync. In the end, I discovered that if I added another couple of COM ports, the Treo would hotsync. Slowly, of course. And the next time I wanted to sync, I had to delete all the COM ports that the bluetooth dongle knew about, and add another.

My next phone/PDA will come from a company that does allow USB synchronization. On present form, it looks like it won’t come from Palm.

Moving to Windows 7 – Part Two

After the previous set of Windows 7 adventures, I discovered that the box I bought doesn’t support hardware-assisted virtualisation, which is needed for the Virtual XP mode. Option 2 for the scanner: try out a separate application called VueScan, which claims to support a large number of scanners. Except that this program needs the Canon scanner drivers to be installed first. Which don’t exist. On to the next attempt: install VirtualBox, and put Windows XP on that as a virtual machine. The problem with this was that the USB port kept claiming it was busy, and none of the various tips I found worked. Verdict: I couldn’t find a way to support the Canon 3000F scanner under Windows 7 64-bit, and will have to use my old XP laptop as a scanner driver until I have sufficient motivation to buy a new scanner.

Mind you, installing the VirtualBox + Windows XP combo ended up being useful anyway. QuickBooks 2003 installs, but doesn’t run, under Windows 7. I gather that even the latest versions of QuickBooks have issues with Windows 7, so I simply installed the one I have in the Windows XP virtual machine. There was a bit of fiddling involved in moving data around, which involved installing the VirtualBox guest additions and setting up shared folders, but in the end it all worked. I suspect more than a couple of programs will end up in that virtual machine.

Overall, I probably spent close to a week of work time setting up my work environment to be more or less where I was before my old PC died. It’s obvious they borrowed quite a bit from the Mac OS X environment, including hiding some of the useful functions. The menus fading in and out were starting to make me sea-sick until I found out how to turn that off (Control Panel -> System and Security -> System -> Advanced -> Performance Settings). I’m sure I’ll find more issues as I get more used to the environment, along with more programs that won’t install or work. Fortunately Cygwin does work under Windows 7, along with Office 2003 (which I need for client compatibility).

Memories of Sun

The EU has approved the Sun/Oracle deal, which is now all but done, waiting only for China and Russia. James Gosling’s post shows the poignant side. How long, I wonder, will the blogs.sun.com website still be available? How long to give space to memories and reminders?

Some of my own memories of Sun, in roughly timeline order:

Working on the Sun booth at CeBiT in Germany (I was working for a Sun reseller at the time). Watching the US marketing video at the after-closing party, since the German marketing team decided the video wasn’t appropriate. I still have the “Power of Sun” music CD, and a scarf with images of Sun workstations.

Wondering why Sun didn’t support Motif properly, when all the other Unix vendors did.

Finding a position at Sun that made use of the skills I have.

Meetings at Menlo Park; long, involved discussions on all sorts of security and identity subjects.

Sitting outside the cafeteria at the Menlo Park office, talking to people.

The Sun-internal innovation conference, mixing intelligent, innovative, hardware, software, and operating system people together, with dinner on the beach.

The most fun I’d had at work in a long time on a good project with great people, that unfortunately fell victim to the Great Financial Crisis.

Really good people, knowledgeable. Sun seemed to have a lot of people with integrity and dedication. Also its share of less-knowledgeable posers, of course, but the trenches were filled with good people.

There are lots of memories out there; Sun was one of those companies with an influence larger than its nominal size. Those of us who were part of it, even if for a short time, won’t forget it quickly.

Moving to Windows 7 – Part One

The motherboard on my old Windows XP box quit while I was taking a break for lunch one day, and I decided to replace it with an updated Windows box. So I’ll keep on using a Snow Leopard laptop, OpenSolaris server, and Windows 7 as well.

Maybe I was asking for trouble, going with the 64-bit version of Windows 7 Professional, but with a quad core Intel box it seemed a shame to not do so. Most of the tools I use every day (like Firefox and Pidgin) are easy to reinstall and thus ignorable. But there are some that cost me a little more time to figure out. Admittedly, it’s a somewhat eclectic collection.

First off, mail. I use Pegasus Mail, have for many years, and it suits the way I work. Every time I’ve upgraded, it’s worked flawlessly. This time, it took a while before I figured out that I needed to not take the defaults in the install, but rather uncheck the “create user configuration” box, and then in the following configuration step select “single user only”. After that, copying across the mail and configuration file worked perfectly to set it up right.

The Palm desktop presents more of an issue. It turns out that you can’t use a USB connection to synchronize under the 64-bit version of Windows 7, so I’ll have to get a bluetooth adapter to synchronize my Treo 680. Or get a new phone. I’m still mulling the options on that one.

Printer: the HP Color LaserJet CP1510 drivers and software won’t install from the CD. This isn’t really an issue; the default Windows 7 driver works fine but doesn’t show you the toner status etc. Fortunately, the HP.com website has an updated “advanced” driver. Except that it doesn’t do all the status stuff either, apparently. Oh well.

The scanner is an ancient one from Canon, the 3000F. The scanning application won’t install. There are no drivers or updated applications on the Canon web site for Windows 7. The toolbox application for scanning and copying shows up on c|net, at http://download.cnet.com/CanoScan-Toolbox/3000-2094_4-10972136.html (it may be a dead link by the time you read this), but without the drivers it isn’t much use. Hunting around on the web showed that this is a case for the Virtual XP mode. This consists of 2 downloads, the first of which is 500 MB. The current estimate on our currently flaky DSL link is almost 2 hours to go, so I think I’ll go and do some real work while waiting for it to trickle in, and continue this post when I’ve made some more progress.

Meeting Productivity

Some months ago, Time magazine published an article called Why the Office Oddball Is Good for Business, about how really productive meetings need someone in them to stop too much consensus too early. The article starts

Want to get the most out of your next brainstorming session at work? Bring in an oddball. If you can’t find an oddball, try a naysayer or even a mere stranger — anyone who can keep things vaguely uncomfortable. If that sounds like a prescription for one of the worst meetings you’ve ever had, suck it up and go anyway. It might also be one of the most productive.

It does sound like the recipe for an active meeting, one in which everybody has to be on their toes, listening for the real meaning behind the words. A meeting in which those catching up on their email will miss something important. A meeting which may not produce agreement, but will produce more clarity on precisely what it is you disagree about. If you’re going to have a meeting, isn’t that what you want? A meeting to produce results, not just nods around the table from people who aren’t really paying attention?

Which is not to say that every meeting should be uncomfortable; lots of meetings are to hash out details where people agree on the basics. But it’s amazing how often people think they agree about something until they’re challenged to explain it in detail, which is where they discover they disagree on the explanation.

Whether any person raising uncomfortable issues is welcome depends on who’s running the meeting, and whether they’re looking for results or, instead, looking for uncritical approval of what they want. I’ve also seen cases where the person running the meeting claims to want the uncomfortable questions asked, but in reality doesn’t. It’s hard, allowing the difficult questions. Answering them is tough, and admitting you don’t have answers to all of them can be tougher. So the tendency is to squelch the questions, usually by squelching the questioner. I suspect this tendency contributes to a certain number of business failures.