January 2006 Archives

Thomas A. Limoncelli


Bill LeFebvre, the conference chair of USENIX LISA 2006, has announced the call for papers.

Earlier in my career I had no thoughts of writing a paper for USENIX LISA or any other conference. However, I had a manager who encouraged me to write a paper just to see what happened. It was the best bit of career advice I ever received. Writing papers got me noticed, helped my career, and led to things like books (which leads to fame, fortune, and zillions of groupies… oh wait, that’s what you get for being a member of the Rolling Stones. Oh well, it’s really quite similar.)

So why don’t you consider writing a paper? Is there something cool that you’ve invented that would impress other sysadmins?

The annual LISA conference is the meeting place of choice for system, network, security, and other computing administrators. Administrators of all specialties and levels of expertise meet at LISA to exchange ideas, sharpen skills, learn new techniques, debate current issues, and meet colleagues and friends.

The web site also includes instructions for people who would like to submit ideas for “invited talks.”

Kyle Rankin


So I haven’t written the followup to my previous “Introduction to Mutt” blog post, but until I get to that, I figured I should pass along a few timesaving tips I’ve discovered with mutt. These tips mostly appeal to system administrators, but I can see them being easily adapted to other uses…

Colorize errors and warnings in email

If you are a sysadmin, you likely find yourself running through quite a bit of email your servers have sent to you. Sometimes all of these messages can seem like a blur, especially if some of them aren’t necessarily reporting errors. What I’ve found is that if I colorize some “danger words” within the body of the email, they naturally attract my attention when I’m skimming through it.

For starters I decided to colorize the word “warning” as bright yellow, and the word “error” as bright red, so I add the following to my .muttrc:

color body brightyellow default warning
color body brightred default error

In case you are unfamiliar with the syntax, the color configuration option in mutt takes as arguments where to colorize (in this case the body of a message), the foreground color, the background color, and then the pattern to colorize.

This caused a problem though, as the word “error” was being highlighted in the body of any email that had the phrase “no error” which was the opposite of what I wanted. So I had to add another rule after the above to fix that:

color body white default 'no error'

Finally, I decided that different forms of the word “fail” should also jump out at me. Mutt supports regular expressions for patterns, so the following line will match the words “fail,” “failure,” and “failed”:

color body brightred default "fail(ure|ed)?"

These of course are the few keywords I wanted to stand out, but you could easily add your own keywords to the list and colorize them how you want.

Limit the Index to Error Email

The above method works great–whenever an email contains those key words, they immediately jump out at me, but there was still a problem. I noticed with a huge body of email, I would spend a lot of time filtering through email that contained no errors before I got to the email I needed to pay attention to. The solution I came up with was to use mutt’s limit function (hit ‘l’) to limit my index to email that matched a certain pattern. That way I could read the email that contained key words first, and then type ‘l.’ to view all of the rest of the email (typing ‘l.’ will tell mutt to limit the index to all messages matching ‘.’ which matches everything).

What I ended up with was a macro bound to the F3 key that contained a rather large regular expression. The following will limit the index to all new messages (no need to read through the old error emails again) that contained the keywords ‘error’ or ‘fail’ or ‘FAIL’ in the body:

macro index <F3> "l~N ~b \"([^nN][^oO].error|[Ff][Aa][Ii][Ll])\"\n"

Note that I also added an extra bit to weed out those pesky messages that said ‘no error’. Now when I go to one of my email folders that contain log output (you filter mail from computers to different folders than you do people, right?) I just hit F3 to read through the important email first, then hit ‘l.’ to read through the rest.

How do you weed out the important email from the less important with mutt?
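To see what the F3 macro’s pattern actually keeps and drops, here is an added example in Python; it is not part of the original post and not mutt’s own code. It runs the macro’s regular expression (Python reads this POSIX ERE syntax the same way mutt does) over a few constructed message bodies, next to a lookbehind-based version that mutt cannot use but that shows what the `[^nN][^oO].` trick is approximating. The sample bodies, the function names and the message names are my own.

```python
import re

# Constructed sample bodies of server mail (not taken from the original post).
SAMPLE_BODIES = {
    "backup-ok":   "Nightly backup of /home finished with no error at 02:14",
    "rsync-fail":  "rsync: FAILED to transfer /var/lib/mysql/ibdata1",
    "disk-error":  "An error occurred while writing to /dev/sdb1: I/O error",
    "raid-degrad": "error: md0 is degraded, one mirror missing",
    "all-quiet":   "logwatch: nothing unusual to report",
}

# The pattern from the F3 macro, as written. The leading [^nN][^oO]. excludes
# "no error" by insisting on three characters before "error" whose first two
# are not "no"; a body that *starts* with "error" therefore never matches.
MACRO_PATTERN = re.compile(r"([^nN][^oO].error|[Ff][Aa][Ii][Ll])")

# A more precise version, shown only for comparison: POSIX regexes (and so
# mutt) have no lookbehind, so this cannot go into a .muttrc.
LOOKBEHIND_PATTERN = re.compile(r"(?<!no )error|fail", re.IGNORECASE)


def limit_index(bodies, pattern):
    """Return the names of the messages that 'l ~b <pattern>' would keep in the index."""
    return sorted(name for name, body in bodies.items() if pattern.search(body))


def macro_line(pattern, key="<F3>"):
    """Render the .muttrc line for a macro that limits to new (~N) messages whose body (~b) matches."""
    # Inside the outer double quotes mutt needs the inner quotes escaped, and the
    # trailing \n is what submits the limit prompt when the key is pressed.
    return 'macro index %s "l~N ~b \\"%s\\"\\n"' % (key, pattern.pattern)


if __name__ == "__main__":
    print("macro pattern keeps:     ", limit_index(SAMPLE_BODIES, MACRO_PATTERN))
    print("lookbehind pattern keeps:", limit_index(SAMPLE_BODIES, LOOKBEHIND_PATTERN))
    print(macro_line(MACRO_PATTERN))
```

The run shows the price of the `[^nN][^oO].` trick: “backup-ok” is correctly dropped, but so is “raid-degrad”, whose body begins with “error:” and has nothing in front of the word for the three leading character classes to consume. If your monitoring jobs put the error keyword first, widen the alternation (for example add `^error`) rather than trusting the exclusion alone.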

Chris Josephes


I’m working with a couple of people on a small perl project that relies on a database. When we started, we were all doing our own DBI perl calls and connecting to the same database. Before long, we realized we had multiple connections going from one application to the same source.

The code was broken up into multiple modules, and each module had a valid reason for connecting to the database, so it didn’t make sense to try to eliminate one person’s code. One possibility we briefly considered was opening one database handle and then passing it between the modules. But then there’s the risk that the database could grow, and one handle may not properly reference where all of the data is stored.

DBI does not have a solid mechanism for managing multiple connections (not yet, anyway). The connect_cached method is a step in the right direction, but I wanted to see if there was a way I could make it a little more transparent.

After some searching, I found Apache::DBI::Cache, which is similar to Apache::DBI but has a couple of additional features. Most importantly, it can be used in a standalone script.

All you need to do is use Apache::DBI::Cache before anything else, then call the init() subroutine.

use strict;
use warnings;
use DBI;
use Apache::DBI::Cache;   # must be loaded before anything calls DBI->connect

Apache::DBI::Cache::init();

# Placeholder DSN and credentials, as in the original example.
my $x = DBI->connect("DBI:foo:database=bar", "example", "example");
$x->disconnect();

# Same DSN, user and password: the cache hands back the first connection.
my $y = DBI->connect("DBI:foo:database=bar", "example", "example");
$y->disconnect();

Since the connect method is invoked with exactly the same arguments twice, only one handle is used. The second connection is actually the first connection, because the disconnect method has been overridden and no longer closes the underlying connection.

It follows most of the same conventions as Apache::DBI, but there are one or two additional features thrown in.
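The same caching pattern, as an added example in Python rather than Perl; this is neither the original post’s code nor Apache::DBI::Cache’s own implementation. A registry keyed on the full set of connect arguments hands back the existing connection, and close() on the proxy is a no-op so a module that “disconnects” its handle does not tear down a connection another module is still using. The key deliberately includes the user name and password, so two modules connecting with different credentials never end up sharing one handle and its privileges. sqlite3 stands in for the real driver, and the module names and DSN are assumptions.

```python
import sqlite3
from collections import Counter

# Constructed example: an in-process cache of database connections keyed on the
# exact (dsn, user, password) triple that was asked for.
_cache = {}
_real_connects = Counter()   # how many real connections each key has opened


class CachedConnection:
    """Proxy around a real connection whose close() is deliberately a no-op."""

    def __init__(self, conn):
        self._conn = conn

    def __getattr__(self, name):
        # Everything except close() goes straight to the real connection.
        return getattr(self._conn, name)

    def close(self):
        # Overridden, as Apache::DBI::Cache overrides disconnect(): the real
        # connection stays open for the next module that asks for it.
        pass


def connect(dsn, user, password):
    """Return the cached connection for this exact key, opening one on first use."""
    key = (dsn, user, password)
    if key not in _cache:
        _real_connects[key] += 1
        # sqlite3 has no users; a real driver would pass user/password through.
        _cache[key] = CachedConnection(sqlite3.connect(dsn, check_same_thread=False))
    return _cache[key]


def real_connection_count(dsn, user, password):
    return _real_connects[(dsn, user, password)]


def disconnect_all():
    """Really close everything, e.g. at process exit; the proxies' close() never does."""
    for proxy in _cache.values():
        proxy._conn.close()
    _cache.clear()


# Two modules written independently, each doing its own "connect" and "disconnect".
def module_a_writes(dsn, user, password):
    db = connect(dsn, user, password)
    db.execute("CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, msg TEXT)")
    db.execute("INSERT INTO events (msg) VALUES (?)", ("written by module A",))
    db.commit()
    db.close()   # harmless: the cache keeps the connection open


def module_b_reads(dsn, user, password):
    db = connect(dsn, user, password)
    try:
        return [row[0] for row in db.execute("SELECT msg FROM events")]
    except sqlite3.OperationalError:
        return None   # no such table: this is a different (separate) connection
    finally:
        db.close()


if __name__ == "__main__":
    module_a_writes(":memory:", "example", "example")
    print(module_b_reads(":memory:", "example", "example"))   # sees module A's row
    print(module_b_reads(":memory:", "other", "secret"))      # None: separate connection
    disconnect_all()
```

Using an in-memory SQLite database makes the sharing visible: module B only sees module A’s table because it received the very same connection, while a caller with different credentials gets a fresh, empty database of its own.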

Anton Chuvakin


Related link: http://chuvakin.blogspot.com/2006/01/ok-here-is-shot-at-my-security.html

As I promised, my security predictions for 2006 are posted. Make sure you use them to make fun of me come next year! :-)

Anton Chuvakin


Related link: http://www.computerworld.com/printthis/2006/0,4814,107647,00.html

Do you think vulnerability management is fun? Me too! :-)

Here is a paper [OK, my paper…] about “common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.”

  • Scanning but failing to act
  • Thinking that patching is the same as vulnerability management
  • Believing that vulnerability management is only a technical problem
  • Assessing a vulnerability without looking at the whole picture
  • Being unprepared for the unknown - “zero-day exploits”
Justin Clarke

Related link: http://www.nessus.org

Just a quick note. Looks like the main changes were bug fixes, as well as some performance improvements and resource usage changes.

Chris Josephes

I upgraded my cell phone to the Samsung A900, which some of you might have seen referred to as Samsung’s answer to the Motorola RAZR. The big marketing push for the phone brags about the video and multimedia support. For me the more interesting features were the built-in Bluetooth and the included USB cable. I put the phone through its paces to see how useful it would be in a geek PAN environment.

Initial Bluetooth and USB Setup

The A900 has native support for the HSP, HFP, DUN, OPP, FTP, and BPP Bluetooth profiles. It also includes a USB sync cable.

The host I used for my tests was a Windows XP system with a Kensington USB/Bluetooth adaptor.

On the Bluetooth side, the initial pairing setup was okay. A novice might be a little frustrated with the short timeout within which both PINs need to be entered. But once that part is out of the way, the subsequent pairings went off without a hitch.

For the USB connection, I needed to download drivers from the Samsung website. And even after installing them, I had to have Windows perform a driver update before the OS would identify the phone as a USB-connected modem.

File Transfer/Synchronization Tests

The first Bluetooth test was simple FTP access to a Windows host. I didn’t have very many files on the phone, so I just started out with a couple of pictures. For sending files by FTP, the phone menu will let you select multiple files to transmit.

There is a menu shortcut to send your personal phone book entry across as a vCard 2.1 file. It would have been cool if the phone exported it in vCard 3.0 format, because then my photo could have been included. I guess until then I will just have to pose for cameraphone pictures each time I transfer the file.

On a whim, I tried using a couple of syncing applications, including Microsoft ActiveSync. Unfortunately, it didn’t work. There is no support listed for this phone in Apple iSync, either.

I could not find any options on the phone to transfer the entire phone directory at once. And from what I can tell, there is no software available for the PC side. I’ll admit I didn’t do too much research on this part, because a lot of PIM applications actually cost money. If I really needed to, I could send each phone book entry one at a time using Bluetooth.

Modem Tests

I created two dialup profiles to the same ISP: one for the Bluetooth modem, and one for the USB modem. That didn’t work out too well, since they’re both considered plug-and-play devices. It was better to just have one profile, and let Windows automatically assign whatever modem it could detect to the network properties.

Both dialup environments worked as expected. The speed was pretty good, though it’s hard to really gauge performance because the most likely point of latency would be the cellular network.

Printing

For the USB PictBridge test I used an HP 8150 Photosmart printer. The transfer and the printing worked flawlessly. I didn’t have a Bluetooth-capable printer, but I would imagine that the process would work about the same.

Audio Gateway

This was the one test that failed. The PC could see the HFP profile of the phone, but I had no luck when I tried to use the phone as an input or output audio device. I’ll do some more checking on this one.

Mass Storage

The last interesting capability is using the phone as a flash drive. You can easily access and modify files on the phone. It has 50 MB of storage space, so you could use it to store copies of important files.

Final Thoughts

So far, everything with this phone has worked pretty well. The connectivity applications are a good start, but there are still some areas of improvement. The first and foremost improvement would be true synchronization. But if you can get by without it, and you need a phone that can hook up to your PC, then I’d recommend giving this one a try.

Justin Clarke

I for one have no particular problems with the fact that Nessus has gone to a closed-source model from version 3, with the exception that this means I can’t run Nessus on some of my platforms of choice (i.e., Gentoo Linux). However, since a package is available for Debian 3.x, I wondered if it would work on Ubuntu. This didn’t prove too difficult; I expect because Ubuntu is based on Debian 3.x and also because the Nessus developers have historically bundled their own versions of libraries to prevent library dependency issues (that seems to be the usual reason for not being able to install Debian packages on Ubuntu for me).

The install itself is fairly self-explanatory:

1. Download the Debian package (Nessus-3.0.0-debian3_i386.deb) from http://www.nessus.org/download/. This will involve signing up to download the binary; the e-mail they send you will allow you to register the plugin feed, giving access to all the new plugins Tenable write after a 7-day delay.
2. Install the package using dpkg. This will install the package into the /opt/nessus/ directory:

   sudo dpkg -i Nessus-3.0.0-debian3_i386.deb

3. The install will perform several of the steps that you would previously have done manually; e.g., it will add the nessus library directory to /etc/ld.so.conf so that the libraries will load.
4. Add your admin user using the /opt/nessus/sbin/nessus-add-first-user script. This is a bit different from how it was previously done: you add the first user this way, and then add extra users using the more familiar /opt/nessus/sbin/nessus-adduser script.
5. Break open your e-mail, and paste in the command line supplied to register your plugin feed.
6. Start the Nessus daemon:

   /opt/nessus/sbin/nessusd -D

If you have a problem with the Nessus daemon not starting (or aborting when starting), try running /opt/nessus/sbin/nessusd -R (which rebuilds the plugin database) and then restarting the daemon.

There are some other differences in the new version; it is well worth a peruse of the documentation. One of the major differences is that there is no longer a GUI client supplied with the package. This has been split into a separate NessusClient package that you will also need to download from http://www.nessus.org/download/, and compile and install yourself. The command line client, however, is supplied with the binary package.

Enjoy!

Tom Adelstein

Related link: http://lxer.com/module/newswire/view/50944/index.html

Approximately eight years ago, I finally learned enough about Linux to use it in my daily life. I remember feeling a sense of relief because it worked, felt stable, didn’t need rebooting all the time, provided me all the tools I needed and gave me new things to learn, especially about Internet services.

At the time, I anchored a Microsoft Partner’s e-commerce practice. I had always been the MS Certified engineer with my name on the Solution Provider form. I didn’t think much about it. Microsoft furnished the desktop and many of the infrastructures on which I worked.

Once I got over the learning curve with Linux, I just stopped booting up my Windows machine and did everything in Linux. I didn’t consider myself a traitor to Microsoft, I just enjoyed the Linux experience.

Working in a MS Partner’s practice created some conflicts and I didn’t know why. I brought a Red Hat box to the office and within a short time found myself the subject of ridicule and eventually a demand to take it home. In fact, the guys in IT unplugged it and put it in a locked storage area while I was away. I thought that someone had stolen it.

When I finally tracked the system down, I got the “we only use Microsoft at Cap Gemini” lecture. I had to read a manual I had never seen that explained one could only use Microsoft while employed at the firm.

I felt rather odd working at a firm that held itself out to be the best consultancy in the world, when our critical systems didn’t work much of the time. We had odd versions of Office on various machines, unlicensed utilities, MS Exchange, etc.

Eventually, I left the firm and started my own consultancy - a Linux consultancy. I discovered the vitriolic dislike Microsoft had for everyone. I had never been on the other side of the fence so it came as a surprise.

It doesn’t take long to discover the dislike Microsoft has for its competitors, just attempt to build a Linux server on name brand computers and see what happens.

All I really wanted was to run Linux, help others, make a living providing support for businesses wanting a stable platform to handle their web services and do my job well.

I never understood why that was a crime in the eyes of Microsoft. What about my business created a threat to them? I wasn’t attempting to put them out of business, so I felt very confused about their attitude toward Linux and by association - me.

I thought I lived in a free country and that my government would protect me from harmful tactics. I thought that America was the land of the free and the home of the brave. I believed that the law would allow me to pursue my dreams and aspirations without the hindrance of companies like Microsoft. But, alas, I discovered differently.

I consider Microsoft weird. Normal people don’t act the way they do. Abnormal people go to extremes when they feel the least threat whether real or imagined.

So, when I uncover behavior like I do with Microsoft and I write about it, don’t consider me as having a vendetta. I believe describing what I consider abnormal behavior is something about which one would normally write.

And when it gets down to the basics of my nature, I consider myself first and foremost a writer.

The referenced article is Following Bill Gates Linux Attack Money: Slush Funds, Litigation for FOSS Advocates