Category: General (Page 22 of 25)

A website just posted a story about how there is “no end in sight” to the hacking of World of Warcraft accounts. The story tells about hackers who install keylogging software on victims’ computers, then use it to relay the victims’ WoW username and password back to them. Then they simply log in as that user, transfer all of the victim’s valuable in-game assets to accounts that they control, and sell off everything for cash.

An idea I had on how to solve this, as well as lots of other online identity theft problems, is to allow users to opt-in to a login restriction based on IP Address. Blizzard could ask you if you want to restrict logins to your current IP (or, more likely, the first 22 bits or so of your IP address). Any attempt to login with an IP outside that range would require some kind of external verification, like an automated phone call where you verify the last four digits of your credit card number.

It would take a little work on their side, but surely Blizzard ought to be able to come up with something like this. I would think that the development time up front would save them lots money on customer service and canceled subscriptions down the line when accounts are compromised.

The solution does have a couple potential problems. Mainly, if a hacker is able to install keylogging software on a victims’ computer, they might also be able to install a proxy server of some sort to attempt to use the victims’ IP address anyway. There is some evidence that such Proxy programs already exist and are used for account leveling. If this type of proxy software becomes widely used, identifying hackers by IP becomes nearly impossible.

Its important to note that this idea does not apply just to WoW. Other companies like banks could use a similar security measure to protect against hackers logging in as real users. The fact that nobody has done this must mean that I’m missing something. Feel free to comment and let me know how this wouldn’t work.

Today I solved a problem that I’ve had for a couple months.  I had a user complain that they the  MP3 Audio embedded on their home page file only played the first few seconds of the audio clip.   I tried it out on my browser and it worked fine.  I also tried it on a couple other machines which worked okay, but finally came across one using Firefox 1.5 that had the same problem.

Unfortunately, I kindof forgot about this until today.  I was looking at some statistics for mod_deflate and noticed that the time coincided with the date that the MP3 stopped working.   I configured Apache to not compress MP3 files, and now it plays fine.

I’m still not sure why it worked on some browsers and not on others, but the important thing is that it works.

Google just released a very cool update to their already useful Google Maps service.  Google MyMaps allows users to easily create customizable maps by using an intuitive web-based user interface to place points on the map, and draw lines and areas.   Any of the points can then be labeled with customizable text that may include photos and video clips.  I’ve always been impressed with Google Maps, and this is a nice addition that makes more useful in a much different way.

One of the interesting things about Google Maps is that they have always offered an API for others to extend the functionality.   I don’t think that the MyMaps feature adds much that couldn’t have been created by somebody else by using their existing APIs.

On many of the firewalls that I administer, the machine fails to respond to a traceroute. The traceroute would get the entire way to the host, and then fail to respond when it hit the host. I have messed with this on and off for a while, and finally came up with the problem and a solution.

First, I tried to make sure that the firewall was open to receive ICMP packets. I use these command to permit a few specific ICMP types:

## Accept ICMP Echo-Reply, Echo-Request, and Time-Exceeded packets
iptables -A INPUT -s 0/0 -d 0/0 -p icmp –icmp-type 0 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p icmp –icmp-type 8 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p icmp –icmp-type 11 -j ACCEPT

However, just enabling those didn’t allow traceroutes to work correctly. There is also an ICMP type 30 for traceroute, but enabling that never got it working for me

So, I had to dig a little deeper into how traceroute works. What it does, is send a UDP packet to a port that it doesn’t expect to be open. The host then should send an ICMP ‘Unreachable’ packet back to the originating machine.

Turns out that the firewall rules that I was using blocked all incoming UDP requests (unless they were specifically allowed). This made it so that the machine never received the UDP request because the firewall blocked it.

Most traceroute implementations start sending requests on UDP port 33441, and then increment the port number sequentially for each one that it sends out. So I added this firewall rule to allow these packets through:

## Allow traceroutes, which send a packet to a UDP port in this general range
iptables -A INPUT -s 0/0 -p udp –destination-port 33441:33500 -j ACCEPT

Now those UDP packets get accepted and the machine properly replies with the ICMP packet like it should.

I’ve seen people claiming that mobile wireless Internet is a good replacement for a home data service, especially if you have a laptop.  For some users that may be okay, but not for me.
Slashdot pointed me to a blog post that looked at the latest Terms of Service for Verizon’s service.  In there it says that with bandwidth usage over 5 GB per month, they assume that you must be doing something that violates their terms of service, and can therefore, discontinue your service.  I’ve never looked at my own bandwidth usage for home, but I’m pretty sure I do significantly more than 5GB in a month.

Also, interesting in their terms of service, it said that it was only to be used for Internet Browsing, Email, and intranet access.  It sounds like Gaming is out then. It also said that it is not allowed to be used as a substitute or backup for private lines.  Doesn’t sound like its good for very much then.

Sometimes I’ll be on an old box and need to install a CPAN perl module for something.  But when starting up CPAN, it tries to hit a bunch of mirrors that no longer exist.  I just found out that you can easily clear the CPAN configuration and  have it re-ask you all of the inital configuration questions.   Simply use the command ‘o conf init’ at the cpan> prompt.

I usually install Bundle::CPAN first so that you get a bunch of the important stuff, then install whatever else you need.

A customer asked today why our control panel showed their server with over 10 GB of traffic, but the ifconfig on their server showed that they had done just over 1 GB of traffic.  Their server had not been rebooted for several months, so it should have accounted for all traffic during the current month.

What they didn’t realize was that the counters used by ifconfig are 32 bit counters, so they can only go as high as about 4.3 GB (technically 2^32 = 4,294,967,296 bytes) before rolling over.  With 10 GB of traffic during a month, that would mean that they roll over a little more than 2 times per month, or about every 2 weeks.

I spent most of the afternoon and evening rewiring the cable and data in our house. I’m also terminating a couple of cables into wall-jacks and putting a small punch down block in a central area so that things are wired a little better.

I got most of the way through everything, and was doing a cable where a room isn’t finished, so I was going to leave the RJ-45 end on.   I wired it up at the punch down block just like I did all of the others, but I couldn’t get it to work.  I tore the ends apart and put them back together a couple times to make sure everything was connected good and tight.

It turns out, that I had the greens and browns mixed up on the connector I was using.  The other jacks that I had done, were at least consistently wrong on both ends, so they worked.  But since this one was ending in an RJ-45, it actually mattered, and didn’t work.  Stupid color-blindness.
Anyways, I’m a perfectionist, so went back and re-did most of the termination with the correct colors.

A while ago, a friend of mine showed me the Load Time Analyzer for Firefox.  It’s a pretty cool tool that can analyze all of the different HTTP requests that make up a page load.  Then it can display a simple graph showing how long all of the requests took.  It could be very useful for trying to identify requests that are slow to load.

I recently had a reason to use the plugin, so I turned it on and found what I needed to.  I removed the toolbar for it when I was done with it.  But the past couple days, my browser has gotten painfully slow after being open for a couple hours.   It was using a ton of memory, and just loading a simple page, or opening a new tab would sometimes take ten seconds.

Turns out that the Load Time Analyzer was still running, even though the toolbar wasn’t being displayed.  It was keeping track of everything page I visited, which is why it was using so much memory and running so slowly.   To actually disable it, you have to go into your ‘Addons’ menu, and actually disable it.   That, of course, requires a browser restart, which is kindof annoying.

It would be nice if future versions had an option to disable it without a browser restart.  For now, make sure to enable it only while you need to use it.