Keeping your NAS off Google

I read in a couple of places the last few days about search engines picking up data stored on poorly configured consumer routers acting as a NAS. This isn’t a case of the search engines being evil; rather, it’s a case of people accidentally putting their stuff where the whole Internet, search engines included, can reach it. Finding difficult-to-find data is what search engines do for a living, so I don’t fault any of the search engine companies for this. Keeping your NAS off Google is probably something you want. Here’s how to do it.

The solution is to know what you’re doing when you set up access to your data both at home and on the road: keep the NAS on a private address behind your router’s firewall rather than forwarding its ports to the world. I apologize for the snark, but there are consumer-friendly ways to do it, like using a cloud provider.

The NSA’s guide to finding things on the Internet is available now

A wonderful NSA document called Untangling the Web, released thanks to a FOIA request, is now available and free for all to download and use. Although dated, the book will prove highly useful. If your company or client is exposing data to the public Internet that it shouldn’t, this book will help you find it, so you can correct it.

The copy isn’t perfect. It’s a bit dated, and it’s a straight scan to PDF, so it isn’t searchable, and it’s not the clearest, cleanest copy. I’m cleaning up a copy for my own use right now. I expect to use it, and often. It isn’t a document I’ve been privileged to see before, so I’m excited to have a chance now to study it and learn its techniques.

The old days of viruses

Blogging pioneer John Dominik, inspired by my Michelangelo memories, wrote about his memories of viruses later in the decade. So now I’ll take inspiration from him and share my memories of some of those viruses. I searched my archives, and at the time it was going on, I didn’t write a lot. I was tired and angry, as you can tell from the terse posts I did write.

Punishing the curious for something that should have never happened

I saw a story on the news tonight about more than 100 students who won’t be getting into MBA programs. Why? When they applied to a number of prestigious universities, a posting on a bulletin board claimed to let them view their records and see if they were admitted or not.

It didn’t work for all of them. But those who tried to peek are being punished. My question is why this information was on the public Internet to begin with. This is precisely what intranets are for: you put sensitive information on a web server behind a firewall, then you define the one or more computers that are allowed to reach it. The rest of the world can’t get to it because the firewall drops their traffic, not merely because nobody told them it exists. But those who are authorized to see it can see it, through the convenience of a web browser.
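Here is what “define the computers that are allowed to reach it” looks like when enforced by the server itself, as an added example that is not part of the original post. It is a minimal Python records server that answers 403 to any source address outside an allow-list; the network ranges are constructed stand-ins for a campus admissions LAN, and the request path is deliberately ignored because an unguessable URL is not an access control.

```python
"""Added example (not from the original post): enforce a source-network
allow-list in the application, as a second layer behind the firewall.
The network ranges below are constructed; substitute the real ones."""
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed ranges standing in for "the computers that may see the records".
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),    # hypothetical admissions office LAN
    ipaddress.ip_network("192.168.5.0/24"),  # hypothetical registrar VLAN
    ipaddress.ip_network("127.0.0.1/32"),    # local administration only
]


def is_authorized(client_ip: str) -> bool:
    """True only if the client's source address lies inside an allowed network.
    Anything unparseable is rejected; fail closed, never open."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # A dual-stack listener sees IPv4 clients as ::ffff:a.b.c.d; compare as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ALLOWED_NETWORKS)


def decide(client_ip: str, path: str) -> int:
    """HTTP status for a request. The path is intentionally irrelevant:
    knowing a "secret" URL earns nothing; being on an authorized network does."""
    return 200 if is_authorized(client_ip) else 403


class RecordsHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status = decide(self.client_address[0], self.path)
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"admissions record\n" if status == 200 else b"forbidden\n")


if __name__ == "__main__":
    # Bind to loopback or a LAN address, never 0.0.0.0 on a public-facing box,
    # and keep the firewall in front of it: this check is the second layer.
    HTTPServer(("127.0.0.1", 8080), RecordsHandler).serve_forever()
```

Source-address checks are only as good as the network behind them: if authorized users sit behind a shared proxy or NAT, the whole proxy becomes “authorized”, so pair the allow-list with real authentication rather than treating either one as sufficient on its own.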

Leaving this kind of information on a web server that’s open to the public via the plain old Internet is akin to keeping student records, finals, and other sensitive information at the campus library. If it’s out where someone can see that it’s there–or might suspect it’s there–then someone’s going to look. It shouldn’t be there in the first place. I had professors who never kept tests in their office because some student at some point in time had broken in, hoping to get a preview of the final.

Punishing applicants for typing in a link that they figured wouldn’t work anyway accomplishes little or nothing, except to say that some of the nation’s finest universities have given no thought whatsoever to their computer security and network design.

I hope their graduates are smarter than the people who run the place. But that’s probably a given.

VMWare is in Microsoft’s sights

Microsoft has released its Virtual Server product, aimed at VMWare. Price is an aggressive $499.

I have mixed feelings about it. VMWare is expensive, with a list price of about 8 times as much. But I’m still not terribly impressed.

For one, with VMWare ESX Server, you get everything you need, including a host OS. With Microsoft Virtual Server, you have to provide Windows Server 2003. By the time you do that, Virtual Server is about half the price of VMWare.

I think you can make up the rest of that difference very quickly on TCO. VMWare’s professional server products run on a Linux base that requires about 256 MB of overhead. Ever seen Windows Server 2003 on 256 megs of RAM? The CPU overhead of the VMWare host is also very low. When you size a VMWare server, you can pretty much go on a 1:1 basis. Add up the CPU speed and memory of the servers you’re consolidating, buy a server that size, put VMWare on it, and then move your servers to it. They’ll perform as well, if not a little bit better since at peak times they can steal some resources from an idle server.

Knowing Microsoft, I’d want to give myself at least half a gig of RAM and at least half a gigahertz of CPU time for system overhead, minimum. Twice that is probably more realistic.

Like it or not, Linux is a reality these days. Linux is an outstanding choice for a lot of infrastructure-type servers like DHCP, DNS, Web services, mail services, spam filtering, and others, even if you want to maintain a mixed Linux/Windows environment. While Linux will run on MS Virtual Server’s virtual hardware and it’s only a matter of time before adjustments are made to Linux to make it run even better, there’s no official support for it. So PHBs will be more comfortable running their Linux-based VMs under VMWare than under Virtual Server 2003. (There’s always User-Mode Linux for Linux virtual hosts, but that will certainly be an under-the-radar installation in a lot of shops.)

While there have been a number of vulnerabilities in VMWare’s Linux host this year, the number is still lower than Windows 2003. I’d rather take my virtual host server down once a quarter for patching than once a month.

I wouldn’t put either host OS on a public Internet address, though. Either one needs to be protected behind a firewall, with its host IP address on a private network, to protect the host as much as possible. Remember, if the host is compromised, you stand to lose all of the servers on it: whoever owns the host owns every disk image and every console on it.

The biggest place where Microsoft gives a price advantage is on the migration of existing servers. Microsoft’s migration tool is still in beta, but it’s free–at least for now. VMWare’s P2V Assistant costs a fortune. I was quoted $2,000 for the software and $8,000 for mandatory training, and that was to migrate 25 servers.

If your goal is to get those NT4 servers whose hardware is rapidly approaching the teenage years onto newer hardware with minimal disruption–every organization has those–then Virtual Server is a no-brainer. Buy a copy of Virtual Server and new, reliable server hardware, migrate those aging machines, and save a fortune on your maintenance contract.

I’m glad to see VMWare get some competition. I’ve found it to be a stable product once it’s set up, but the user interface leaves something to be desired. When I build a new virtual server or change an existing one, I find myself scratching my head over whether certain options are under “Hardware” or under “Memory and Processors”. So it probably takes me twice as long to set up a virtual server as it ought to, but that’s still less time than it takes to spec and order a server, or, for that matter, to unbox a new physical server when it arrives.

On the other hand, I’ve seen what happens to Microsoft products once they feel like they have no real competition. Notice how quickly new, improved versions of Internet Explorer come out? And while Windows XP mostly works, when it fails, it usually fails spectacularly. And don’t even get me started on Office.

The pricing won’t stay the same either. While the price of hardware has come down, the price of Microsoft software hasn’t come down nearly as quickly, and in some cases has increased. That’s not because Microsoft is inherently ruthless or even evil (that’s another discussion); it’s because that’s what monopolies have to do to keep earnings at the level necessary to keep stockholders and the SEC happy. When you can’t grow your revenues by increasing your market share, you have to grow your revenues by raising prices. Watch Wal-Mart. Their behavior over the next couple of decades will closely mirror Microsoft’s. Since their industry is bigger, they move more slowly. But that’s another discussion too.

The industry can’t afford to hand Microsoft another monopoly.

Some people will buy this product just because it’s from Microsoft. Others will buy it just because it’s cheaper. Since VMWare’s been around a good long while and is mature and stable and established as an industry standard, I hope that means it’ll stick around a while too, and come down in price.

But if you had told me 10 years ago that Novell Netware would have single-digit marketshare now, I wouldn’t have believed you. Then again, the market’s different in 2004 than it was in 1994.

I hope it’s different enough.

Preserving those new (and old) holiday memories

Sorry, I never got around to those promised posts because, well, I’ve become a genealogy addict. But don’t you worry, this post is relevant even to people who are sick of reading about genealogy.

Mom and I were going through some old photo albums, and some of the photographs were in pretty bad shape. For all the talk about concerns over how long inkjet prints of digital pictures might last, some of Mom’s 30-year-old prints are, well, fading fast. Meanwhile, Mom has some prints that were taken 30 years ago that look like they could have been processed yesterday, except for the clothes the people were wearing.

I remember almost 15 years ago, when a neighbor’s house burned, going through their rescued photo albums, opening up the drenched pages, taking out whatever photos would come out in one piece, and putting them on towels scattered about the house to dry. I noticed that Polaroids are very difficult to remove intact from sticky album pages, even under ideal conditions. Well, now I wonder if anyone pays attention to the acid content in those album pages and what else might contribute to pictures deteriorating.

But I’m not going to spend too much time thinking about that (why not leave that to the infamous self-proclaimed aristocrat and scientist?) because there’s an easy solution.

Scan those bad boys.

Most people have mountains of photographs, so it’ll take a while, but if you set out to scan a page a day, or a few pages a week on Saturdays and Sundays, you’ll eventually get through them. Burn them to a quality CD–I know among the name-brand discs you find in stores, the most consistent performer you’ll find is Kodak. If you buy in bulk, your best bet is either Mitsui or Taiyo Yuden, which are the two brands that CD duplicators most frequently use. The estimated lifespan under reasonable conditions for a high-quality CD-R is around 100 years. Some of my cheap house-brand CD-Rs haven’t lasted two years. So buy good stuff, and store the discs at room temperature. Don’t put them in the attic unless they’re full of pictures of former significant others whom you wish you’d never met. Remember the chemists’ rule of thumb that raising the temperature 10 degrees Celsius roughly doubles the rate of a chemical reaction, so in theory every extra 10 degrees halves life expectancy. Storing your CD-Rs in a closed box in the basement, assuming it’s not terribly humid down there (40% relative humidity is optimal, according to Kodak), would be a good idea.

Actually, that same principle would be just as true for your prints as well.

Anyway, what do you do when the prints have already started to fade? Scan them anyway. Sometimes the scan ends up looking better than the original. If not, then try turning them into B&W pictures. Use your imaging software to convert it to greyscale, then play with the brightness and contrast. You’ll lose the color, but you might very well save the print. In the case of some of the old pictures of me, it’ll be harder to tell that I had blonde hair when I was really young, but it’ll at least be possible to tell what I looked like.

If you don’t have a scanner or you’re dissatisfied with the speed or quality of your existing scanner, I can recommend Canon’s LiDE series. They’re inexpensive and offer a very nice combination of speed and image quality. Most of them get their power from the USB port, which saves you a power outlet. And they’re small and light enough that they can fit into a laptop bag, making it possible to take a scanner and laptop along with you when you visit family and scan some old photos.

Getting those photos into digital form gives you other advantages as well. Some imaging software allows you to add captions or descriptions to the photos. If you’re Linux-savvy, you can set up a nice family website using one of the 12 bazillion gallery programs out there. You can keep it on your local LAN if you don’t want that stuff on the public Internet–you and your family can still enjoy punching through pictures on a strategically placed computer the same way you flip through old photo albums. If you’ve got a nice color printer, you can make as many reprints as you want, and if they fade, you can always just print them again. And while you’re burning CDs, you can burn an extra copy or two and keep them in someone else’s basement. If disaster strikes, insurance can replace most material items, but not the one-of-a-kinds like your photographs. Fortunately it’s easy to ensure they’re no longer one-of-a-kinds.

When will we take security seriously?

Overheard today at work:
“Hackers don’t usually work during the day, or on weekends…”

I guess by that same logic, I could say that I ran file servers with all ports exposed on the public Internet for years and never got hacked (just don’t mention that those years started in 1996 and ended in 1998).

It’s sad that there are people who still don’t take security seriously. The attitude I heard 10 years ago–“What? Do they want to look at the GIFs and JPEGs on my hard drive? If they can get in, they can have ’em!”–pervades today. Nobody’s interested in your GIFs and JPEGs because you don’t have anything that hasn’t been posted on Usenet’s alt.binaries groups a dozen times, but they want your high-speed connection and the machine attached to it, as a spam relay or a launch point for attacking someone else. It doesn’t matter anymore how insignificant you are. If your computer is online, they want it.

I’m quickly reaching the point where I believe it’s socially irresponsible to have anything faster than a 56K dialup connection and not have a hardware-based firewall sitting between you and the Internet. I bought a couple of the low-end Network Everywhere-brand (made by Linksys) 4-port cable/DSL routers a year ago. I paid $50 apiece for them. That’s what you’ll pay for a shrink-wrapped “Internet Security” software package, but it’s more effective and it doesn’t slow your computer down. Even a one-computer household should have one.
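Before you trust the firewall alone, it helps to know what the box behind it is actually listening on, which is also how the accidentally-public NAS from the first post above gets found. The following is an added example, not code from the original posts: it parses the output of Linux’s `ss -ltn` and flags sockets bound to every interface or to a non-private address. The sample output is constructed, and 203.0.113.7 (a documentation address) stands in for a public IP.

```python
"""Added example (not from the original posts): find listening sockets that
would be reachable from outside if nothing stood between this host and the
Internet. SAMPLE_SS_OUTPUT is constructed in the format of `ss -ltn`."""
import ipaddress
import subprocess

SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      50     0.0.0.0:445         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    192.168.1.10:8080   0.0.0.0:*
LISTEN 0      128    203.0.113.7:21      0.0.0.0:*
"""

# Ranges that never route on the public Internet: RFC 1918, link-local, ULA.
LOCAL_ONLY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]


def parse_listeners(ss_output: str):
    """Yield (host, port) for every LISTEN line; handles [::]:port and a.b.c.d:port."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                       # header line or non-listening state
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")
        if host == "*":                    # older ss prints * for "any address"
            host = "0.0.0.0"
        yield host, int(port)


def classify(host: str) -> str:
    """ALL-INTERFACES, LOOPBACK, LAN or PUBLIC for a bound address."""
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return "ALL-INTERFACES"
    if addr.is_loopback:
        return "LOOPBACK"
    if any(addr in net for net in LOCAL_ONLY):
        return "LAN"
    return "PUBLIC"


def exposed_listeners(ss_output: str):
    """Return (host, port, kind) for sockets that a box with no firewall
    would offer to the whole Internet."""
    findings = []
    for host, port in parse_listeners(ss_output):
        kind = classify(host)
        if kind in ("ALL-INTERFACES", "PUBLIC"):
            findings.append((host, port, kind))
    return findings


if __name__ == "__main__":
    try:   # use the live socket table when ss is present, else the sample
        output = subprocess.run(["ss", "-ltn"], capture_output=True,
                                text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        output = SAMPLE_SS_OUTPUT
    for host, port, kind in exposed_listeners(output):
        print(f"{kind:15} {host}:{port}")
```

In the constructed sample, SSH on 0.0.0.0 and [::], SMB on 0.0.0.0 and FTP on the public address are flagged; the CUPS listener on loopback and the web server on 192.168.1.10 are not. A LAN-bound listener is still exposed if the router forwards that port, which is exactly how consumer NAS boxes end up on Google, so the router’s firewall rules deserve the same audit as the socket table.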

As far as antivirus software goes, Grisoft offers antivirus software free for home use. Yes, it slows your computer down. If you don’t like that, run Linux. Grisoft’s AVG is free, effective, and easy to use. And it stamps outgoing e-mail, assuring your friends that your mail has been scanned (the stamp is just text that any sender could add, so treat it as a courtesy rather than proof). That’s comforting in these days.

Hopefully the typical computer user will soon outgrow the teenage it-can’t-happen-to-me mindset.

But I won’t hold my breath. Since hackers only work on weekdays, problems can only happen when I’m at work and my home PC is off, right?