May 13

I get very excited when I see new companies in the tech industry growing up (especially when I use them and they’re in the Philadelphia area). ReadBurner is no exception. In the past few days, they’ve rolled out some great new features — categorized popular this week, paging on certain pages, integrated comments and the latest is a partnership with NetVibes. This last one is exciting. From the ReadBurner blog, Adam writes:

This announcement gives you a bit of a taste of what we’re up to – analyzing what people are sharing across the Web on all sorts of different services. As such, our tagline has now changed to “what’s shared on the Web.”

While some may not understand why this is a big accomplishment, I feel that it is. They have a goal to let every user (that one’s for Drew) know what’s hot on the internet without regard to who says it’s hot. This differs from Digg.com and the other content rating sites like Technorati by a large margin. Digg uses a system where people can vote something up but they don’t even have to have viewed the site to do it and Technorati uses an authority system. This means that certain users and blogs have a higher likelihood of hitting the front page simply because of who or what they are. ReadBurner takes the guesswork out of this. No weights, no preference, simply sharing.

In addition to providing the top articles in different categories, they also allow you to quickly hop to both Google Reader and NetVibes to share more items right at the top of the screen.

While they have a long way to go before they are fully accepted, I think they’re heading in the right direction. They have made an active choice to keep from moderating the information or removing articles that they don’t like (see, lolcatz can make it up there each and every day). Keep an eye on these guys because they have some great stuff on the way.


Mar 26

I recently found while working on a Barracuda spam appliance that the person who set it up made a tiny mistake.  Now I’d be one to admit if it were me but I’m pretty sure it wasn’t this time.  They had all the steps right up until the second to last one.  Let me set the stage…

  1. Three spam filters from Barracuda Networks spread out across the globe.
  2. All three have a similar configuration set up on them.  (Check for spam on the inbound and act as the primary, secondary and tertiary outbound relays for internal mail heading out to the wide, wide world we call the Internet.)
  3. Set up allowed relay IP addresses (internal mail servers, certain paging systems, even a multi-function printer or two).
  4. Add the company’s domain name to the list of allowed relayers…
  5. Turn on the appliances and set up the MX records outside so we have a “fail-safe”, redundant, spectacular, awesome email spam fighting system!

Now, if you haven’t seen it yet, check step number 4 again.  See, in step 3 we set up the system so that specific servers were able to relay out through the device.  These IPs were entered as either individual hosts or small subnets of systems that had rights to send email to the outside world.  But in step 4 we then said that any email coming “from” the company’s domain (we’ll call it xyz.com) was allowed to relay as well.  That’s an issue because it’s fairly simple to figure out what the company’s domain name is and then use it to start sending spam out from anywhere in the world.  Let’s look at an example session connecting to a Barracuda spam appliance via SMTP: (Note: The lines that do not begin with a three-digit reply code are the commands that I wrote.)

220 spam1-svr.xyz.com ESMTP (d2f98b7a83b562327asdcjb25227d4f7)
HELO xyz.com
250 spam1-svr.xyz.com Hello laptop-lt [malicious.ip.from.outside], pleased to meet you
MAIL FROM:someone@xyz.com
250 Ok
RCPT TO:anotherperson@zyx.com
250 Ok
DATA
354 Start mail input; end with .
This is an email
.

250 Ok: queued as AAEDC3SKB1CE

The problem with allowing xyz.com to relay is that it takes precedence over the IP list that was set up in step 3.  This means that with that first line (spam1-svr.xyz.com), a spammer knows what the local domain is.  Now all they need to do is start making up email addresses that may or may not exist in your domain and they too can use you as an open relay.

If you’re on a Barracuda box, the screen is located at Advanced->Outbound/Relay and looks like this:
[Screenshot: Barracuda Advanced->Outbound/Relay screen]

Please, make sure that you’re not using the Senders With Relay Permission or Trusted Relay Host/Domain sections of the relaying tab.  Take the time to enter the IPs of the systems that need relaying and if you can, use LDAP lookups to verify that the sending email address is actually someone who exists.  You’ll thank me later — when you’re not blacklisted in 10 different systems and your users’ email can’t get through.
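The relay decision described above, as an added example that is not part of the original post and not Barracuda’s own logic: a simplified model in which the sender-domain rule is checked before the IP list, run with that rule on and off. The IP ranges, the directory set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: private/documentation addresses and the post's xyz.com.
RELAY_NETS = [ipaddress.ip_network(n) for n in ("10.1.2.0/28", "10.9.0.25/32")]
LOCAL_DOMAINS = {"xyz.com"}
KNOWN_SENDERS = {"someone@xyz.com"}  # stands in for the LDAP lookup


def domain_of(address):
    """Lowercased domain of an envelope address, or '' if it is malformed."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    return domain.lower() if sep and local else ""


def may_relay(client_ip, mail_from, rcpt_to, relay_domains=(), verify_sender=False):
    """Decide one SMTP envelope; returns (allowed, reason)."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return True, "inbound delivery, not a relay"
    # Weak rule: MAIL FROM is chosen by the client, so this trusts anyone.
    # It is checked first because the post says it overrides the IP list.
    if domain_of(mail_from) in relay_domains:
        return True, "sender domain trusted"
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in RELAY_NETS):
        return False, "client IP not in relay list"
    if verify_sender and mail_from.strip().strip("<>").lower() not in KNOWN_SENDERS:
        return False, "sender not found in directory"
    return True, "client IP in relay list"


def externally_relayed(envelopes, **policy):
    """Envelopes from outside RELAY_NETS that the policy would still relay."""
    hits = []
    for client_ip, mail_from, rcpt_to in envelopes:
        allowed, reason = may_relay(client_ip, mail_from, rcpt_to, **policy)
        inside = any(ipaddress.ip_address(client_ip) in net for net in RELAY_NETS)
        if allowed and not inside and domain_of(rcpt_to) not in LOCAL_DOMAINS:
            hits.append((client_ip, mail_from, rcpt_to, reason))
    return hits


ENVELOPES = [  # constructed test envelopes
    ("203.0.113.7", "someone@xyz.com", "anotherperson@zyx.com"),   # the session in the post
    ("10.1.2.5", "someone@xyz.com", "anotherperson@zyx.com"),      # internal mail server
    ("198.51.100.9", "stranger@example.org", "someone@xyz.com"),   # normal inbound mail
]

if __name__ == "__main__":
    print("domain rule on :", externally_relayed(ENVELOPES, relay_domains=("xyz.com",)))
    print("domain rule off:", externally_relayed(ENVELOPES))
```

With the domain rule on, the outside session from the post is the only envelope reported; with it off, the list is empty while the internal mail server and inbound mail still pass.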

Mar 13

A friend of mine and I have rolled out the latest venture — a new blog at I Hate My IT Guy.  Now I know what you’re saying, “Another blog, oh boy!” (Please note the sarcasm!), but this one takes a bit of a different approach.  We’re hoping to make it an interactive experience for both users and IT guys (people to be P.C.) to share their experiences, woes and loves of dealing with or in an IT world.  Take a look at the excerpt from the about us page and share your insight from both sides of the fence:

 “This is the beginning of the end of IT as you know it! Whether you’re fed up with your IT guys (people to be PC) bossing you around, telling you what you can and can’t do online, offline, in line and out of line, or you’re the IT guy who loves to do the bossing we want your input. Tell us what you do and don’t like about IT today and let’s talk about it. We hope to shed some light on the myths and truths about what it is to work in IT and what it’s like to deal with the IT guy.”

Please, share your thoughts with us at the new site.

Feb 19

Many of us in the IT field find it very difficult to actually “go away” on vacation.  Whether we’re connected by beepers, EDGE/EVDO wireless cards, PDAs or any other type of neural connection to the mainframe, we’re always at the beck and call of the computers — I mean users.  It’s the time of year again when I take my annual trip to Florida.  This year it’s to see the grandparents (who no longer travel) and to visit the Florida Keys.  I always enjoy traveling to the warm weather this time of year even if it was 66°F yesterday in Philadelphia.

The only downside is a lack of connectivity to the outside world.  I know what most of you will tell me, “Disconnect, unplug, turn it off!”  Well, that’s easier said than done.  Being in a global company without a very large global IT staff means that I’m on call almost all the time.  Whether they call about a line down, a network break in or a simple “this system isn’t running properly”, I’m on call.  Work wouldn’t say that I was on call as I won’t have the pager that week (note: I don’t carry a beeper, I forward it to my cell phone) but I will be.  I’ll have with me my Blackberry 8820 (which I can’t go anywhere without), my HP/Compaq 2510p laptop and a wireless EDGE aircard from AT&T.  This should be enough to keep me connected, especially if I find a wifi signal near where I’ll be staying.  In between swimming with the dolphins, going snorkeling on the reef and tanning/studying on the beach, I’ll check up online and see where everything is at.  A quick VPN login and browse of the systems will make me feel much better…  And I know my girlfriend will love for me to do it as well.

I ask you — How do you disconnect?  Do you cut it out cold turkey on vacation?  Do you sneak-a-peek at your email, check up on work or throw a couple Tweets out while lounging on the beach?  I know I’ll try to stay off line but it never seems to work for me.

Jan 15

I recently sat in a meeting to discuss our company’s laptop security practices. Now, we aren’t a publicly traded company but we should be protecting our data to the best of our abilities without impacting the user too much. There were many topics discussed in this meeting — everything from encryption of the HDs to using encrypted thumb drives to CMOS passwords/HD passwords via the CMOS. It was a fun time and explaining why certain processes would be helpful and others wouldn’t was quite a challenge.

I think we finally came to the realization that encrypting all of our hard drives was not going to be a viable option. The major issue we face is we have too many older laptops that do not offer hardware encryption on the drives. Software encryption is an option but in my experience it’s a slow and painful process that usually requires some work on the user’s end to make it function properly.