Thursday, February 07, 2013

Rebuilding

Turns out the datacenter outage this week seriously damaged the host server that my VPS was running on. I've spent the better part of the waking hours since I got home last night rebuilding the email server portion.

I swear by Postfix, complemented by policyd-weight and postgrey. I have some tweaking to do to the policyd-weight settings and I need to install fail2ban for the spammers who continually hammer the server in spite of receiving a BuzzOffNotice. Amavis, ClamAV and SpamAssassin are fairly hands off. One site I was reading debated the need for ClamAV these days, saying that most of the virus payloads get stopped by the anti-spam measures. Interesting idea.

It's not lost on me that, yes, I should have had a backup of these files. It's not without irony that I deleted the files from the last server update just last week. I'll have to search the WayBackMachine for a few bits of website that I don't have backups of.

As for things residing in ~, I got sshfs working this afternoon and I'll be able to keep settings synced across different servers. Next step is to combine sshfs with autofs and have it mount the remote files as they are needed.


Links
Postfix setup:
http://rimuhosting.com/support/settingupemail.jsp?mta=postfix
http://colekcolek.com/2012/02/25/install-spamassasin-clamav-amavis-ubuntu-debian-squeeze/
http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/

http://www.unixwiz.net/techtips/postfix-HELO.html

fail2ban:
http://www.howtoforge.com/fail2ban_debian_etch
http://www.fail2ban.org/wiki/index.php/Main_Page



pflogsumm:
https://calomel.org/pflogsumm.html

postgrey logging:
http://www.debuntu.org/postfix-and-postgrey-a-proactive-approach-to-spam-filtering-page-2/

Wednesday, February 06, 2013

Exasperation

Currently debating my choice in VPS provider. Before November, I was a long-standing user of TekTonik VPS service, but the price and limits on certain services had me go shopping for another service. The service I opted for was 1/3 the price and allowed me to run a Tor server.

Since switching over I have had a server issue due to high loads on their LA servers, which they said was due to the high number of Pacific Rim users who VPN in to access U.S. content. After getting my server transferred to Chicago, there have been several datacenter outages and one service interruption/suspension due to someone using my Tor Exit relay for spamming.

I didn't have very many issues before the move. Now after the latest host crash I am debating the need to do a new round of shopping. I am not looking forward to having to transfer server settings over all over again. I wish I could run a virtual server on a virtual server and just copy the server from one install to the other.

Wednesday, January 30, 2013

Virtual Machines

Recently I had a 1 a.m. incident. You know that moment. It's 1 a.m. and your hard drive is making nasty noises and you are clear that you are in no state of mind to begin fixing the problem. I use CrashPlan, so I have regular backups of my data, but I've never found a good way of quickly restoring the OS after one of these episodes. I resolved to make a secondary data backup to an external hard drive and go to bed. The nasty sounding hard drive itself will have to wait.

I have known about Virtual Machines, but had never really dealt with them before. I started looking into them and decided the one that sounded the best was VirtualBox. I have tried a few OS images, running into quirks here and there.

I currently have working images of Debian Linux and Windows Vista Home Basic running under Windows Vista 64-bit Home Premium. Once I am happy with the performance and my skills in using VirtualBox, I'll replace the hard drive (which hasn't made the aforementioned nasty noises since that night) and load a Linux OS as the Host OS.


Downloads – Oracle VM VirtualBox

SSHFS:

debian sshfs automount fstab - Google Search
Mounting Remote Directories With SSHFS On Debian Squeeze - Page 2 | HowtoForge - Linux Howtos and Tutorials
How to: Mount Remote Directories using sshfs | Linuxers
SSHFS: Super Easy File Access over SSH | Linux Journal

Tuesday, January 22, 2013

Resources for batmand

Amazon.com: Monoprice Micro USB Backup Battery Pack for Smartphones, Cellphones, and Cameras (1900mAh): Cell Phones & Accessories
USB Storage - OpenWrt Wiki
WR703N | modlog.net
Build One
Open Garden Lets You Crowdsource Your Mobile Connectivity | TechCrunch
Quick-start-guide - batman-adv - Open Mesh
Batman-adv-openwrt-config - batman-adv - Open Mesh
[B.A.T.M.A.N.] The great #batdroid hackathon of July 2010
/ - android-batdroid - B.A.T.D.R.O.I.D. connects your rooted Android handset to B.A.T.M.A.N. mesh networks. - Google Project Hosting
WiFi Tether for Root Users - Android Apps on Google Play
WiFi Tethering - Android Apps on Google Play
Setting up a BATDROID/MP network - Google Groups
https://blog.itu.dk/SPVC-E2010/files/2011/08/13adhocandroid.pdf
Emergent Network Field Day - Makers Local 256
Projects - Commotion Wireless Project
Background and philosophy - Commotion Wireless - Commotion Wireless Project

Life and Death Planning


Some links I am perusing that got my attention.

Sunday, January 20, 2013

Mobile devices, VPS, and OpenVPN

I am debating tackling OpenVPN. Or taking a nap first. I may regret trying to tackle this without having a clear head.

One of my project ideas is to route all the house mobile devices through the VPS that runs our email and web services. The idea being that when a user has the laptop, for example, at a Starbucks and is using the open wifi connection, all data is encrypted and can't be compromised.

The idea is that the VPN should be unintrusive to the user. Set it and forget it. This means in some cases where it is a hardware to hardware tunnel that there is no prompt for username and password.

I am trying to find the proper OpenVPN settings for this and it is a challenge.

OpenVPN HowTo goes into much detail about OpenVPN, but outside of the static key bit lacks any concise discussion about the server modes.
OpenVPN without username/password is specific to pfSense. I am trying to find more details related to changing the server mode.
OpenVPN 2.0.x, example 3 is the first one I'll be trying, if I can convert it from CLI notation to a server.conf file.

That's where I'll stop for now.

Thursday, January 17, 2013

Internet In the News

In the news today are several Internet related articles. The first is a cool software service called Connectify. This is what they have to say:
"Connect to multiple Internet connections for their combined speed and reliability. With just a couple clicks, you’ll be cruising the web at warp speed. The more Internet connections you have, the faster you’ll go!"
Currently only for Windows PCs, they are developing a Mac client as well. I read about them back when they were a Kickstarter campaign. It's a great idea if you live in an area with multiple wifi hotspots available.

VPNs

PC Magazine has a piece on the Google plan to offer a Wifi network in Lower Manhattan. The title does a great disservice to the discussion, Why You Shouldn't Trust Google's Free WiFi Network. This sensationalist title should be action oriented, Google's Free WiFi Network, How to Protect Your Privacy. Don't scare people away from the network. Tell people how they can protect themselves. The article does discuss a few options users can take, and these are steps that EVERYONE should take regardless of the Open network one chooses to use. 

I would even go so far as to say that users need to start using VPNs on their home internet connections due to the number of reports of digital snooping by ISPs. While not Identity Theft related, ISPs are looking at destinations and protocols used and throttling service based on this. Not exactly the Open Internet I want to have around, personally.

I have done a little bit of research on commercial VPN services. You can check it out here.

Wednesday, January 16, 2013

Putting words on "paper"

Brain Freeze

I have many technical ideas floating around in my head. I bounce around from one to another to another with little getting accomplished. Here is where I begin to change that.

Current project ideas:

Hacking the WR703N travel router
Making use of the Ubiquiti NanoStation Loco M2
Repurposing the OpenMesh 1P

Using batman-adv
Compiling a sysupgrade firmware image for the WRT54G to run batmand

WR703N Ideas

Car Radio - USB Hub, GPS, Wifi, Flashdrive, Soundcard - Download via wifi the recently played songs from local radio to play without ads.
BoomBox - Wifi, Flashdrive, Soundcard - Download specific songs to play on the boombox.
NAS - USB Hub, HD cables - Create a NAS from the many extra HDs collecting dust.
Mobile VPN/Tor Gateway - Single box for forwarding traffic to the Tor Network and/or a VPN.
Asterisk - PBX in a box for Google Voice, etc.

Suspended VPS

This week I had my Tor node server suspended due to someone sending spam through the node. Rude awakening there. After promising my VPS host that I would turn off the exit and only run a relay node, they turned it back on. Important since that server is also home to our email and web hosting. More work to be done on this front.

Recharge

I need to spend some time recharging. I am looking into creative groups. One group I am looking into is tln MakerSpace which is currently looking for a new hack project. Another that I have been trying to participate with more is FLUX, Florida Linux User Xchange.

Finally, I am a proponent for the Open Wireless Movement. Imagine being able to open your phone or laptop and just jump on the internet without any barriers to entry. This is what OpenWireless is about.

Memoriam

Aaron Swartz. Creator of RSS and co-founder of Reddit. I never knew him, but knew his work. This week he is in the news in a big way. Unfortunately. At 26 and suffering from depression he took his own life. Details of the case in NPR and CNet. May his legacy be that honest change comes out of this.