Tuesday, December 23, 2008

Work fun and Trusted SSL, aka Quis custodiet ipsos custodes...

Some very 'fun' stuff going on these days. So at my current gig they had previously banned all external email access and instant messenger clients. No big deal for me because I can IM/E-Mail on my phone. The Websense proxy also blocks suspicious and 'against policy' websites. It's a security policy thing more than an HR thing. The client, when I was an employee, had a rash of virus outbreaks. And the 'core server network' was unprotected from the general population and the remote sites were unprotected from each other. It's pretty common, in my experience, for companies to work this way.



A week or so ago, they opened Websense up to specific external email sites. The rationale was sound. Hotmail, Yahoo, GMail, they all have built-in AV tech now, so it's relatively safe. Anything that gets by them is going to get by our Ironport mail gateways (Ironport rocks, by the way... If you want an email filtering solution, I'd recommend them). Well, this week they've had another virus outbreak inside the perimeter. So they loosen the reins and get burned.... It's been a debacle tracking it down. Not sure if it's a virus/worm/trojan, I'm on the outside, the SRT tech-bridge is still ongoing. All of this and people are already on vacation, the staffing levels are low to begin with.



Anyway, on to the other topic. Here's an interesting observation by one of the guys at StartCom Linux. The Mozilla folks had a bug submitted because Mozilla was complaining that all the sites had bad SSL certs. The helpful folks at Bugzilla dug a bit and found out the bug-reporter was getting man-in-the-middle attacked... Over SSL... So it really wasn't a bug, Mozilla/Firefox was correctly saying things were fishy. Well, the blogger from StartCom Linux (can't figure out what his/her name is) found out that some of the 'trusted SSL providers' are not to be trusted. One of Comodo's resellers issued him a mozilla.com certificate without asking any questions about whether he was legit or not (he's not). So now he could set up a MitM attack and not set off the SSL cert error alarm. Now the SSL cert wouldn't be the official one, but it would be encrypted. So it would look secure, but it would be 'locked' with a different lock, a lock that your browser trusts. Because browsers have a basic list of trusted providers, any cert generated by one of those providers is assumed to be legit. The browsers (and by proxy, Mozilla, Microsoft and Apple) assume that the cert providers on their 'approved list' are verifying the people they hand out certificates to in some fashion. Who watches the watchmen? With this breach in the web of trust, all trust becomes suspect. How do you really know without verifying the trust on the other end of the SSL connection yourself? How on earth would you ask someone at Bank Of America if this SSL certificate was the real certificate? And the web of trust was supposed to protect me from this.
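The gap described above, as an added sketch that is not part of the original post: a browser-style check accepts a certificate for the right name from any CA on its list, while a locally remembered fingerprint is one way to "verify it yourself". The CA names, host name and certificate bytes are constructed stand-ins, not real X.509 data.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # host name the certificate was issued for
    issuer: str   # name of the CA that signed it
    der: bytes    # stand-in for the encoded certificate (constructed)

# Constructed trust list: every CA on it can vouch for ANY host name.
TRUSTED_CAS = {"Careful CA", "Careless Reseller CA"}

def fingerprint(cert: Cert) -> str:
    """SHA-256 over the encoded certificate bytes."""
    return hashlib.sha256(cert.der).hexdigest()

def ca_check(cert: Cert, host: str) -> bool:
    """Browser-style decision: right name, issuer on the list, nothing more."""
    return cert.subject == host and cert.issuer in TRUSTED_CAS

class PinStore:
    """Trust-on-first-use: remember the first fingerprint seen per host."""
    def __init__(self):
        self._pins = {}

    def check(self, cert: Cert, host: str) -> str:
        if not ca_check(cert, host):
            return "reject"  # fails even the ordinary check
        seen = fingerprint(cert)
        pinned = self._pins.setdefault(host, seen)
        # Constant-time compare; a mismatch means the certificate changed.
        return "ok" if hmac.compare_digest(pinned, seen) else "changed"

def demo():
    host = "shop.example"  # hypothetical host
    genuine = Cert(host, "Careful CA", b"genuine-key-material")
    misissued = Cert(host, "Careless Reseller CA", b"other-key-material")
    store = PinStore()
    return {
        "ca_genuine": ca_check(genuine, host),
        "ca_misissued": ca_check(misissued, host),  # also True: the gap
        "first_visit": store.check(genuine, host),
        "later_visit": store.check(misissued, host),
    }

if __name__ == "__main__":
    print(demo())
```

A remembered fingerprint only helps if the first visit was clean, and a legitimate certificate renewal also shows up as "changed", so a mismatch is a prompt to check, not proof of interception.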



Anyway, it brings to mind the cyber-crime of the century. In the summer you start infecting machines and inserting your proxy for amazon.com into machines and then cleaning up the traces of the infection. So you clean your tracks and the person is none the wiser. You just sit and wait. Wait until the busy holiday shopping season. Then you quietly intercept the credit card numbers, dates and SVNs. And still you wait. Then slowly, you clone that information onto new cards. And then you go on shopping spree after shopping spree. You also take out your list of enemies and send them a plasma TV or two, to their real address with their real name. You do it slowly and cautiously so they never put it together that all the cards in common came from Amazon between the summer and xmas. Or perhaps instead of Amazon, you take advantage of the heavily consolidated American banking industry and siphon the money right out of their accounts. All of the pieces are there. Laundering the money would probably be your toughest hurdle, and even that's not too hard. Scary stuff.










More fun with Time Machine....

So I'm finding a few oddball things that the TM restore caused me. The first one is the most annoying. So I have an AppleTV set to sync with my iMac. And I have several GB of purchased music, movies and TV shows synced from the iMac to the ATV. Well, when you restore your Time Machine settings, the iTunes authorization is lost. And iTunes doesn't ask/warn you about that until you try to play a protected track. So I launch iTunes, it dutifully syncs the ATV, but the computer isn't authorized so it proceeds to remove those items from the ATV. AAAAAARG! It takes forever to sync that many files of that size to the ATV. And due to some flakiness in ATV syncing, movies rarely sync on the first try. (I'm not alone in this, it's fairly common on the support forum.) They sync eventually but it takes several tries. So that was no fun.


A few games lost their registration too. More fun...


Listened to: God Rest Ye Merry Gentlemen/We Three Kings f/Sarah McLachlan from the album "Barenaked For The Holidays" by Barenaked Ladies


Tuesday, December 16, 2008

Time Machine part II

A few more little oddities with my Time Machine restore.


1. Mail needs to be completely re-imported. So the caches for Mail are not maintained in Time Machine. This is interesting but not surprising. The files that those caches are built from are maintained. And you can restore individual messages via the Time Machine interface. But I'm still waiting for 27,861 messages to 'import'. Somehow I suspect the 9 minutes remaining estimate is a bit off.


2. Deep node traversal is problematic on the first backup. If you ever do a Time Machine backup and it takes forever to get past the 'preparing to backup' then you've seen the deep node traversal thing. If you're geeky like me you also notice these lines:


Dec 15 23:53:39 rwhiffen /System/Library/CoreServices/backupd[340]: Node requires deep traversal:/ reason:kFSEDBEventFlagMustScanSubDirs|kFSEDBEventFlagReasonEventDBUntrustable|


in your /var/log/system.log (you'll have to sudo to read it from terminal or use the console.app).


I also noticed this gem:


Dec 15 23:53:39 rwhiffen /System/Library/CoreServices/backupd[340]: Event store UUIDs don't match for volume: Macintosh HD


Uh oh...don't like the sound of that. "Little Snitch" also complained that its rules database checksums didn't match. I guess this is understandable, but it makes me wonder what else isn't the same.
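For picking these messages out of a longer system.log, here is an added example (not from the original post) that parses the two backupd lines quoted above into structured events. The regular expressions are assumptions based only on those two lines, and the third sample line is constructed to show non-backupd entries being skipped.

```python
import re

# The two backupd lines quoted in the post, plus one constructed unrelated line.
SAMPLE = """\
Dec 15 23:53:39 rwhiffen /System/Library/CoreServices/backupd[340]: Node requires deep traversal:/ reason:kFSEDBEventFlagMustScanSubDirs|kFSEDBEventFlagReasonEventDBUntrustable|
Dec 15 23:53:39 rwhiffen /System/Library/CoreServices/backupd[340]: Event store UUIDs don't match for volume: Macintosh HD
Dec 15 23:53:40 rwhiffen exampled[99]: constructed line from another process
"""

# syslog prefix: timestamp, host, process path, [pid], then the message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>\S+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
DEEP = re.compile(r"^Node requires deep traversal:(?P<path>.*?) reason:(?P<flags>\S*)$")
UUID = re.compile(r"^Event store UUIDs don't match for volume: (?P<volume>.+)$")

def parse_backupd(text):
    """Return one dict per recognised backupd message, in log order."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or not m["proc"].endswith("/backupd"):
            continue  # other processes and malformed lines are ignored
        base = {"ts": m["ts"], "host": m["host"], "pid": int(m["pid"])}
        if d := DEEP.match(m["msg"]):
            # Flags are pipe-separated with a trailing pipe; drop empty pieces.
            flags = [f for f in d["flags"].split("|") if f]
            events.append({**base, "kind": "deep_traversal",
                           "path": d["path"], "flags": flags})
        elif u := UUID.match(m["msg"]):
            events.append({**base, "kind": "uuid_mismatch",
                           "volume": u["volume"]})
    return events

def untrusted_event_db_paths(events):
    """Paths rescanned because the event database was reported untrustable."""
    return [e["path"] for e in events
            if e["kind"] == "deep_traversal"
            and "kFSEDBEventFlagReasonEventDBUntrustable" in e["flags"]]

if __name__ == "__main__":
    for event in parse_backupd(SAMPLE):
        print(event)
```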



Listened to: Sleigh Ride from the album "A Very Special Christmas 2" by Debbie Gibson









Twitter add-on for Ecto

So I write my blog posts in Ecto, a handy front end for just about any blog software out there. It comes with a few plug-ins. Like, an iTunes plugin which will put a link of your current iTunes track:

Listened to: Margarittaville from the album "Beaches" by Jimmy Buffett

To let people know what you're listening to. Good thing it's not automatic or people might find out about my extensive Kelly Clarkson and bad 80's Pop music.

Anyway, there's a Twitter add-on that is supposed to post a status update to twitter (and then facebook via linking... Viva La Web Services!) and I'm trying to get it to work. So far, I've published 2 posts and no dice. Maybe the 3rd time is the charm.

Ohhh Next up on the rando-play:

Listened to: Seven Little Indians from the album "Stolen Moments" by John Hiatt

 

Awesome song (thanks Heather).

Restoring my iMac via Time Machine...

So my iMac has been a tad flaky lately. It's not something I can easily pinpoint. Something just isn't right. More occurrences of the spinning rainbow wheel, simple actions causing the Finder not to respond, stuff like that. The kind of stuff that makes pseudo-technical people say things like "it must be spyware" or "after a while when you get too many files the machine bogs down" or "the machine's old". My favorite is the Windows standard refrain "Defragment your C-drive" which can be valid, but more often than not isn't the real problem. I thought I was on to something when I noticed an app that would go in and out of "not responding" in Activity Monitor, but that turned into a dead end. So I decided to look at my disk utilization and my drive was fairly fragmented. More importantly, I had data from the top to the bottom of the drive. It would have been interesting to see if the pagefile was split between two far-flung tracks. So I decided to run Drive Genius and defragment the drive overnight tonight. I boot up the DVD and it proceeds to do a health check and reports an error (which I don't have in front of me right now). Interestingly, Disk Utility reported no such error when booted from the disk. But for whatever reason, this drive had something wrong with the filesystem. No problem, I have recent Time Machine backups, I'll just reformat and restore.


Oh, if it was that simple for me. So it turns out that with my version of iMac (came installed with 10.4), the Leopard (10.5) DVD, a blank internal disk drive, and a valid Time Machine backup, it isn't very simple to restore. The mistake I made was going into disk manager and erasing "Macintosh HD" since Time Machine was going to do it anyway. But if the drive had died and I put a new one in to replace it, I would have hit this issue too, it seems. For reasons that aren't clear yet (AKA Google didn't have an answer on the first page of hits) Time Machine won't restore to an unformatted drive, even though it formats the drive during the restore (I come to find out later). Had I known it was going to reformat the drive on its own I wouldn't have done it myself. Anyway, I had to install 10.5 on the drive first (45 minutes), then reboot, reboot the DVD again and then do a restore. 4 hours later, my 120Gb of data is back on the internal drive.


Then the rest of the fun. So Time Machine backs up every file that changes except for files that the OS can rebuild on its own, like app caches and stuff. If you download a lot of crap, like Linux ISO files and other large files off the net (especially if they have .RAR and .PAR2 files), you will quickly fill your Time Machine drive with unnecessary junk. Virtual machine drives are another great example of these extra backups. They change all the time. When I ran one of my VMs all day, I had 8 hourly backups of a 15Gb file. Yikes! The solution is to add exclusions to your Time Machine config via the "Options" page of the preference pane. Then you handle backups of the troublesome directories manually. Which is great until you forget to handle them manually right before you reformat your drive. DOH! Fortunately it's not something I can't download again, but on the other hand, it was a lot of bandwidth used. Then again, since I probably couldn't tell you what was in those two temp folders, it's probably a good indicator I didn't really need them.


Anyway, the restore is done and it looks like I'm back in operation. My return-to-service time: 4 hours 11 minutes. On the plus side, the dishwasher is loaded, the counters wiped down, laundry folded and ironed.



Listened to: Why Can't I Fall In Love from the album "Pump Up The Volume Original Soundtrack" by Ivan Neville

Looking to get more credentials....

So I've come to the conclusion (in a very roundabout way, with much flip-flopping involved) that I want to have more certifications and affiliations. I'm currently a Sun SCSA and SCNA. I am also a member of the Microsoft Partner program. Neither of those is going to differentiate me very much. So I'm pursuing other certifications and affiliations.



My thought is to get the base, and maybe the SCSE SNIA cert as the foundation. Then add the EMC or HP (depending on what I'm working with in my current engagement at the time). If it goes well and I stick to it, I'd also upgrade my Sun cert to Solaris 10, and possibly pick up the Sun security certification as well to put a security cert on my resume. Alternatively the CISSP would be a great choice as well, but I think the study time would be too long.


And just to make things more complicated, Sun has a special offer for the Solaris 10 upgrade exam. So for $99 you can take the upgrade test instead of the usual $200. Hmmm, life is never simple.



Saturday, December 6, 2008

Christmas Greetings from Jim Pugh

I received a Christmas card from Jim Pugh/Pastel Motif today.




While I suspect all purchasers of the CD are getting the card, I like to think mine was special :-)


Jim needs to put out a Christmas album or MP3 download...


Tuesday, December 2, 2008

Cozumel diving picture tease

Started uploading pictures from our trip to Cozumel for some diving. So far only a few individual dives and a big 'blob' of all the pictures in their 'RAW' format (no culling the bad ones, no cropping, etc). Anyway, you can take a peek here.


Updating my scuba pictures

I've decided to install another copy of Gallery2 to manage my pictures. This will make it easier for me to manage over the long term than my previous method of creating individual directories with HTML wrappers on it. Anyway, http://rich.whiffen.org/pictures is live. I've started uploading pictures now and will be putting more up over time. Then the hard part of going back and editing the descriptions and such. It never ends.


The Scuba section is here and the "Misc Pictures" is here. That's all there is so far.


Right now I have scuba pictures broken down by year, but it occurs to me that by location might be a better choice. So don't be surprised if it changes back and forth a few times over the next few weeks as I change my mind. I tend to do that it seems.