An Cuasán

I have been using the Mutt email client for a short while now. By no means an expert, but have found a few little gems.

Firstly, I am using external POP and SMTP for sending and collecting email, with no local email server.

I use the following basic mutt settings in ~/.muttrc


set mbox_type=Maildir
set folder=”~/email/mailbox”
set mask=”!^\\.[^.]”
set mbox=”~/email/mailbox/kept
set record=”+.Sent”
set postponed=”+.Drafts”
set spoolfile=”~/email/mailbox/in-default
set realname=”me”
set from=”me@domain.tld”
set use_from=yes


As you can see, the mailbox are all in a folder in my home directory, no use of spool etc as I am not running an email server.

For sending email I use esmtp with this option in .muttrc


set sendmail=”/usr/bin/esmtp -v -X /tmp/esmtp.log”
set envelope_from=yes


For receiving email, I use getmail via cron every 15 mins.
The cron is :


crontab -l
# m h dom mon dow command
*/15 * * * * getmail –getmaildir /home/me/email/getmail/ –rcfile getmail.me.rc

The retriever in the getmail config is SimplePOP3SSLRetriever, and the destination is to procmail, which then does filtering based on rules and filters i set up and drops the email into the various maildir folders in ~/email/mailbox/

When viewing various mime attachments, Mutt uses mailcap [/etc/mailcap] to decide which applications to use.

I was suprised to find that gif and other images are not supported ‘out of the box’.

However, creating a file called ~/.mailcap with the following text solved it quickly.

###############################################################################
#
# MIME types and programs that process those types
#
###############################################################################
image/*; /usr/bin/gthumb ‘%s’; test=test -n “$DISPLAY”

‘/usr/bin/gthumb‘ refers to the application I want images to be opened with from Mutt, when I get image attachments in my email.

Thats pretty much it!

I’m doing some research this year and am coming across more and more use of the DOI.

This Robust Referencing for arts. Pretty cool. I like the thought of being able to include a “URI” for each reference, that will always resolve to that particular material.

It’s nice when reading a paper if the author(s) have included the details for that paper, and nicer still when you find one with a DOI included. You can include that DOI with your reference to the paper should you use it, and make it easier for others to quickly get at the paper, or at least the details, as above.

This isn’t a new idea though, as I read more I’m finding lots of references to ‘openurl‘.

Some quotes(ish)/paraphrases and references on the subject if you are new to it, from a podcast I listened to :

http://blog.jonudell.net/2007/01/26/a-conversation-with-tony-hammond-about-digital-object-identifiers/

http://www.nature.com/index.html

Robust Referencing, at an abstract level, of a work. Not tied to a specific release, edition or part of a work, but the work as a whole.

Multiple Resolution is possible. i.e. to Articles, Books, etc over many versions, errata, images, video, text, etc etc etc, including smart awareness of updates!! (errata, new version/revision, etc)

Somebody else caught it and mentions openUrl @ http://onebiglibrary.net/story/crossover-event-jon-udell-and-tony-hammond-on-doi-etc

What about Purl ? [http://purl.org/] (no multiple resolution)

http://en.wikipedia.org/wiki/Digital_object_identifier

Connotea is like a social bookmarking site for scientists and academia, allowing users to reference online versions of publications, http://en.wikipedia.org/wiki/Connotea

http://www.connotea.org/register

I have the above router at home and am using it as a backup device.

I never got any firmware upgrades for it, and finding nothing on-line or at any of the ericsson sites, I decided to e-mail them.

A very nice chap responded with the below in a matter of hours :

“The HM230 has reached end of support, you can find the latest firmware and documetation via the link below:
ftp://ftp.cpeps.ericsson.net/HM230/ “

I have downloaded all the files and will try the update later.

If you find the site unavailable, drop me a note, I may have them on backup for a time.

The are :

Index of ftp://ftp.cpeps.ericsson.net/HM230/

---

Up to higher level directory
hm230d_userguide_r3.pdf	10294 KB	19/04/2007	00:00:00
hm230di FW 4.28p3.zip	2154 KB	19/04/2007	00:00:00
hm230dp_FW 4.28p3.zip	2144 KB	19/04/2007	00:00:00

The wordpress.com login mechanism is not secure!

[Update, it has been addressed, pity there was no announcement, and no warning with details of how to login securly]

Even when you go to it via secure-http, at https://www.wordpress.com, the login is done insecurely.

Why ? Because the login information is still posting to a non-secure http:// location !

What does this mean ? Consider :

1. your login name and password are sent in plain text, not encrypted.
2. there is the potential that anybody on your lan, at the internet-cafe, at school, work, in the airport etc can get your password. They don’t even need to be a technical genius.

Closer analysis of the website @ https://www.wordpress.com reveals the form is set as follows :

<form name="loginform" id="loginform" action="http://wordpress.com/wp-login.php” method=”post”>

Shouldn’t the action be to https://wordpress.com/wp-login.php ??

Thankfully, firefox alerts me to this with a message, so at least with that browser I may be aware something is not quite right.

“Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.” is the message, as per the image below.

Image Link

I find this very suprising, don’t you ?

For instance, here [http://wordpress.com/blog/2006/03/08/secure-blogging/] is a blog entry touting the security of WordPressfrom 2006, yet today the login is very far from secure.

I installed Ubuntu 6 on my Dell the other day, its out of date but I had the cd to hand.

Lastnight I upgraded to Ubuntu 7.04 and X (the graphics server) stopped working.

I logged in and ran the following to get it going again :

sudo aptitude install xorg-driver-fglrx

sudo aticonfig –initial

sudo modprobe fglrx

sudo /etc/init.d/gdm restart

This

1. installs the required graphics driver
2. updates the graphics config
3. loads the required driver
4. restarts the graphics server with the new settings

It’s a pity 7.04 couldn’t degrade nicely and use the same driver 6 was able to work with. The resolution was poor but at least it was usable in graphical mode until you managed to figure out a solution.

Not everybody has an alternative PC to search for help online, or is comfortable with web browsing from the command console.

I just installed Ubuntu on my laptop, and again I am hit with a slow browsing experience on some networks.

For instance, if you are in Éire and get “broadband” from eircom, you may be having a slow browsing experience on your Linux machine.

From what I’ve been reading each time I hit such an issue, the problem is usually that the cheap router(s) supplied and/or on the ISP’s network are not responding to AAAA requests, so only after a timeout will a backward-compatible A request be sent which will then be honoured.

All this, per request to the internet, has significant imapct on day to day browsing.

You can work around this kind of ISP issue by stopping your machine from sending the AAAA requests (which the cheap, non-standards-compliant router won’t respond to… ?).

To do this on ubuntu try :

1. Disable these AAAA/IPV6 requests only for your browser. For firefox, go to

about:config

in the address bar, locate the line starting with

network.dns.disableIPv6

(the filter capability is your friend here) and change the value to

true

2. Disable these AAAA/IPV6 requests at a system-wide level,

edit

/etc/modprobe.d/aliases

perhaps via

sudo vim /etc/modprobe.d/aliases

or

sudo gedit /etc/modprobe.d/aliases

and change the line

alias net-pf-10 ipv6

to

alias net-pf-10 off

Save the file and you should be motoring nicely again.

Temporarily :

sudo modprobe -r pcspkr

Permanently (for the life of the OS)

append this

# disable pc speaker beeps
blacklist pcspkr

to

/etc/modprobe.d/blacklist

perhaps via

sudo vim /etc/modprobe.d/blacklist

or

gksudo gedit /etc/modprobe.d/blacklist

Recently I have been taking a look at SIP.

When I thought more about the voice and video encoding negotiations primarily, I began to wonder about uses for this kind of negotiation a richer web browsing experience.

I have regularily come across web-sites offering a link to some content, only to find myself brought not to the content, but to another page where I then have to select which format I would like to get that content in ? Think of having clicked a link to some audio or video content, only to find yourself at yet another page where you have to select which encoding your computer or browser has support for (aac, mp3, m4a, mpeg, flash, quicktime, wma, wmv, etc.) . Then, if you are lucky and chose correctly, you will get to see the video or hear the audio.

Even when just looking for a document one can encounter a similiar situation, which format would you like a document in(text, ms-word, pdf, html, ps, etc.).

I’m not suggesting SIP itself is the answer, but I thought that a browsing experience with SIP/SDP-like capabilities could solve this manual step nicely.

Click a link to some content, or just to a web site with various content at it, and the web browser and web server transparently negotiate which methods to use to send to content to you, based perhaps on the capabilities of your system, or the bandwidth available or some preferred format defaults in the browser setup, or whatever.

Perhaps with Flash becoming so popular for video and audio content, PDF for text and static image content, and renderers for both coming to more and more client devices, this idea is somewhat diluted…???

Also, perhaps this has already been otherwise addressed in the web world ? Now that I have thought about it, I find it hard to believe that it has not been.

Yet I still find many sites with many choices available for selection of some audio, video or document content for download…

Comments?

I have need to add a software firewall to each pc on my home lan. My internet provider does not have a firewall on the DSL modem they gave me, so far as I know (or at least it is not enabled). Also, they do not use NAT on that modem so there is no chance of ‘protection’ from that perspective. Each of my home computers gets an external ip address, and is externally visible to the internet.

As a robust solution, I hope eventually to take the time to set up an old pc as a bridge and firewall between my internal network and the DSL modem. For now, the solution to protecting the internal devices was a choice between a dedicated firewall with NAT translation also, or a software firewall on each device. (Having a software firewall on each computer is probably a good idea anyway, especially if you have a laptop and are likely to be using it on networks outside of your home lan.)

For the Ubuntu machines, I have tried out Guard-dog and Firestarter. What I want is a solution that will allow all outoing connections by default and block all incoming connections by default, on all devices. Flexibility to block specific outgoing traffic, allow specific incomming traffic, blacklisting specific protocols or hosts, etc, would be an advantage.

Guard-dog:

I gave up on guard-dog pretty quickly as it was just too much hassle and I didn’t have the time to read all the documentation and go through all the detailed setup.

And there is a bit of detailed setup required. It is a little awkward (or more secure if you want to look at it that way) in that by default it blocks all traffic. So you have to go out of your way to allow outgoing web browsing, outgoing pop and smtp, outgoing irc, etc. This is just a little bit too secure and too much bother for what I need right now. I’m happy that my pc is ‘clean’, and thus to allow any outgoing connections. What I am worried about is incomming connections.

It did give the impression of the very powerful solution, and is probably worth a more in-depth look. I may come back to this in the future.

A small niggle also is that it did not appear in either the Applications or System->Administration menus after being installed, so I had to start it from the command line (on Ubuntu Edgy, Gnome).

Firestarter:

Firestarter was installed and up and running in a matter of minutes. After installing from Synaptic, I started it from the System->Administration menu, went through the wizard and the firewall started up and I could work away on the net without any trouble.

The wizard simply entailed selecting the external device. You can optionally also set up internet connection sharing here, but I don’t need that. A handy customisation I made to the preferences after it started was to enable the “Minimise to tray on window close” option.

Issues I have with Firestarter are mostly related to using it on my laptop, and using secure tunnels with it.

1. It seems to have the concept of only one device in the external or internet zone. Thus, I find that when I am switching between using the wireless and wired network interfaces I have to re-run the wizard to select the new internet device. If I don’t do this, it blocks my connections attempts!
2. I would thus be not suprised at all if it didn’t allow access both at the same time. What if I need internet access through a wireless link, but also need access to an wired network ? I may be using a trusted lan, or a potentially hostile lan. In general I prefer to treat all networks as hostile and only specifically and temporarily allow local services to be used as required.
3. I have been using OpenVpn lately, and had to go to a bit of bother to get firestarter to allow traffic down this link. I think the solution I got (and iptables command) was just to basically open up the vpn tunnel as a trusted link, allowing all traffic in both directions. Again, I would really like the ability to control this from firestarter, and to be able to put the tunnel into an internet or other, not completly trusted, zone. [Just because I'm connecting to a VPN doesn't mean I'm safe. It may be a requirement to connect exterenally to a network of my employer,  or a client, or whomever. It does not imply that I can trust it is safe and secure.]

Apart from those few little issues, I like it a lot. Exceptions can be allowed for exposing particular services, to particular clients if required. The issues I have would be solved if any future version would allow multiple devices (real or virtual, tunnels etc) to be controlled similtaenously, and to allow manual control over what zone or level of trust each device/virtual-device should relate to.

Sample Traffic

If it is of any interest, here is the list of incomming connections I have seen in the few minutes since I enabled the firewall.

• TCP and UDP connection attempts to unknown services (PORTS 10421, 10426 and 14411 )
• HTTP, SNMP, VNC, MS-SQL-S, MS-SQL-M and POP3 connection attempts.