Finding and blocking an abusive host from your Apache log

Finding and blocking an abusive host from your Apache log

My web site slowed to a crawl last night, my CPU usage soared to 100%, and my built-in security measures weren’t helping. I ended up having to do some old-school Linux sysadmin work to stop them.

I haven’t been an everyday sysadmin since 2009. But every once in a while I can still come off the bench and do this stuff.

Read more

What happened to Compuserve?

What happened to Compuserve?

Compuserve was an online service for dialup modems from the 1970s to the 1990s. It was a way of getting online and communicating with others before the Internet was generally available to individuals. Later, it became a primary way for individuals to connect to the Internet, turning itself into an Internet Service Provider. But over time, it faded away into history. Here’s what happened to Compuserve.

Read more

Blu Studio One review

I needed a phone in a hurry the other day when my wife’s Moto E started acting up. We turned to the Blu Studio One, specifically model# S0110UU. This is my Blu Studio One review.

It’s an inexpensive midrange phone for people who want to bring their own to their carrier rather than (over)paying on a monthly installment plan. It works with GSM providers like T-Mobile and AT&T. It does not work with Sprint or Verizon, since they use the CDMA standard. Some of the smaller carriers also work with GSM. Buying a Blu phone isn’t a bad way to go when you’re looking to save on a cell phone.

Read more

The freedom to fix our stuff

This week the Wall Street Journal ran an editorial about the right to fix our gadgets. It was surprisingly pro-consumer. The author wrote about a friend whose Samsung TV broke due to $12 worth of capacitors and how he fixed the TV, with no experience, in a couple of hours. I can relate, though I took the easy way out.

He lamented the throwaway of gadgets being unethical on several levels, and I agree. I also remember a time when it wasn’t this way.

Read more

Women in tech: The forgotten story of Vector Graphic

Women in tech: The forgotten story of Vector Graphic

I frequently hear lamentations about the number of women in the technology field–or the lack of them. Although there have been a number of successful women in the field, such as Meg Whitman, CEO of HP and formerly Ebay; Marissa Meyer, CEO of Yahoo; and Carly Fiorina, former CEO of HP, men outnumber women in the field and often by a large margin.

That perhaps makes it even more sad that few remember Vector Graphic today. Last week Fast Company profiled this pioneering computer company that time forgot.

Read more

Expect a rough road ahead for Flash

Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.

That’s why Adobe is having a bad month.

Read more

Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

Read more

How to use the lock in your web browser’s location bar

How to use the lock in your web browser’s location bar

A commenter asked me last week if I really believe the lock in a web browser means something.

I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.

So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.

Read more

Linux is unrelated to extremism

The NSA’s spying on Linux Journal readers is precisely what’s wrong with NSA spying. Why? It paints with an overly broad brush.

Eric Raymond’s views on many things are on the fringes of what’s considered mainstream, but he’s not the kind of person who blows up buildings to try to get his point across.

And here’s the other problem. Does Eric Raymond even represent the typical Linux Journal reader? Odds are a sizable percentage of Linux Journal readers are system administrators making $50,000-ish a year, or aspiring system administrators who want to make $50,000-ish a year, who see knowing Linux as a means to that end.

It’s no different from targeting Popular Mechanics readers because someone could use information it publishes in ways you don’t agree with. Read more

Passwords you need to change in Heartbleed’s wake

Heartbleed, a serious vulnerability in a piece of Internet backend software called OpenSSL, is the security story of the week. Vulnerable OpenSSL versions allow an attacker to see parts of a web session they aren’t supposed to see, including passwords in transit.

Timing is critical. If a site upgrades to a new version after you change your password, you have to change your password again. That’s why some experts are saying to wait, and others are saying change right now.

Here’s a list of sites that are affected or potentially affected. My recommendation: Change any passwords for any sites on this list listed as affected. Hint: Yahoo, Google, and Facebook are on the list. If at any point in the near future you get e-mail from them saying you need to change your password, change it again.

To clarify: Changing your password right now won’t hurt, but it might not be enough either. To be safe, you may end up changing some passwords twice, so be ready for it.

Another clarification: If you’re using 2-factor authentication, don’t bother changing the password. An attacker has to catch the password after it’s been sent, but if you’re using 2-factor, you’re not sending the password (you’re sending other stuff–and that stuff changes to prevent replay attacks), so you’re good.