Yet again: Your wife’s name doesn’t qualify as a password!

15/07/2009 – 03:09 pm

You think I am exaggerating? Maybe I am for some people. But for the majority I am clearly not. This includes even big players on the Internet, who definitely should know better! And that really upsets me, because those careless people obviously have access (i.e. passwords) to many other people's data, including customers' data.

Read here what recently happened to a number of Twitter employees, including those dealing with confidential documents, which have now been published on TechCrunch.

The English translation of the original source can be found here.

These are the two lessons to learn:

  • Do not use third-party services to store confidential information!
  • Use passwords and security questions which cannot be guessed easily!

A password must:

  • not be shorter than 8 characters (longer is better; length buys more than any character-class rule)
  • not consist of letters only (mix in digits and special characters!)
  • not contain natural-language words (anything found in a dictionary or a cracker's wordlist, including obvious substitutions such as "3" for "e")
  • not contain names, birth or anniversary dates, parts of (previous) home addresses, your favourite colour or hobby
  • not be re-used across a whole bunch of different web sites (one breached site otherwise exposes your accounts on all the others)
  • not be stored in your email inbox (if a bloody stupid provider sends you a non-temporary cleartext password, delete it instantly from any online media or computer and change the password, unless you want the next worm or trojan to forward it to criminals)
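A checker that applies the rules above, as an added example (not code from the original post): the wordlist, the personal details and the set of previously used passwords are constructed for the example, and a real deployment would substitute a full cracking wordlist. It also folds the common substitutions ("3" for "e", "$" for "s") before the dictionary check, since crackers try those automatically.

```python
import re

# Constructed sample wordlist standing in for a real dictionary or cracking
# list (an assumption of this example; use a real wordlist in practice).
DICTIONARY = {"password", "secret", "summer", "london", "welcome",
              "monkey", "letmein", "dragon"}

# Substitutions crackers apply automatically, so "S3cr3t" is no better
# than "secret".
_LEET = str.maketrans("013@$5", "oieass")


def _normalise(text):
    return text.lower().translate(_LEET)


def _personal_tokens(personal):
    """Expand personal strings into the fragments a guesser would try:
    the string itself plus any 4+ digit run (a year) inside it."""
    tokens = set()
    for item in personal:
        item = item.strip().lower()
        if len(item) >= 3:
            tokens.add(item)
        for run in re.findall(r"\d{4,}", item):
            tokens.add(run)
    return tokens


def check_password(password, personal=(), used=(), min_length=8,
                   dictionary=DICTIONARY):
    """Return the list of rules the candidate password breaks, in the
    order the post lists them (an empty list means it passes)."""
    broken = []
    if len(password) < min_length:
        broken.append("too_short")
    if password.isalpha():
        broken.append("letters_only")
    norm = _normalise(password)
    if any(word in norm for word in dictionary):
        broken.append("dictionary")
    plain = password.lower()
    if any(tok in plain or tok in norm for tok in _personal_tokens(personal)):
        broken.append("personal")
    if password in used:   # re-use across sites
        broken.append("reused")
    return broken
```

The personal-detail check is only as good as what the caller feeds it; for a sign-up form that means at least the account name, the e-mail local part and any dates the user entered.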

Don’t think password hacking happens to the big players only. Those of you who have been running your own (web) servers for a while should have a look at auth.log and access.log (for a start). Hopefully that opens your eyes: automated password-guessing and site-hacking attempts are no exception. They happen regularly to all of us. And they happen to every third-party service you use, but there you have no influence whatsoever and can do nothing except making your passwords and security questions as hard to guess as possible!
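As an added example of what that look at auth.log can turn into (not code from the original post): a small summariser over sshd lines, with the log lines constructed here, that counts failed logins per source address, the user names tried from it, and whether a login from the same address eventually succeeded (the case to escalate rather than merely block).

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines in sshd's format (not from a real host).
SAMPLE_AUTH_LOG = """\
Jul 15 03:09:01 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 54321 ssh2
Jul 15 03:09:03 web1 sshd[4121]: Failed password for invalid user oracle from 203.0.113.7 port 54322 ssh2
Jul 15 03:09:05 web1 sshd[4123]: Failed password for root from 203.0.113.7 port 54323 ssh2
Jul 15 03:09:06 web1 sshd[4124]: Failed password for root from 203.0.113.7 port 54324 ssh2
Jul 15 03:10:00 web1 sshd[4130]: Accepted publickey for deploy from 198.51.100.5 port 2222 ssh2
Jul 15 03:11:12 web1 sshd[4133]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Jul 15 03:11:20 web1 sshd[4134]: Accepted password for alice from 198.51.100.9 port 40002 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port")


def summarise(lines):
    """Per source IP: failed-login count, the user names tried, and whether
    any login from that IP was accepted."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": False})
    for line in lines:
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["failed"] += 1
            entry["users"].add(m.group("user"))
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group("ip")]["accepted"] = True
    return stats


def suspects(lines, threshold=3):
    """Addresses with at least `threshold` failures, worst first, as
    (ip, failures, users tried, accepted?). Many different user names from
    one address is the signature of automated guessing."""
    out = []
    for ip, entry in summarise(lines).items():
        if entry["failed"] >= threshold:
            out.append((ip, entry["failed"], sorted(entry["users"]), entry["accepted"]))
    return sorted(out, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for row in suspects(SAMPLE_AUTH_LOG.splitlines()):
        print(row)
```

Run it against a real file with `suspects(open("/var/log/auth.log"))`; a `True` in the last column next to a long list of user names is the line to follow up first.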

Please help make people aware of the necessity of strong passwords. Just share this post via Twitter, Facebook, or whatever social network you are a member of. Thank you!

Ubuntu or FreeBSD?

06/07/2009 – 12:32 am

That’s one of the most stupid controversial questions I’ve ever read on Twitter. (Ok, I haven’t been using Twitter for long yet, so I’m prepared for worse questions.) It shows that 140 characters really cannot convey any substantial information. The funny thing is that people indeed try to answer that question on Twitter, with 140 characters, recommending one or the other operating system to the one who asked. Total madness.

First of all, questions like this, which tell nothing about the author’s aims and intentions, are not answerable. One might as well ask: Ferrari or Landrover? I’d suggest taking the Ferrari for the next cross-country rally, whereas the Landrover is definitely the best choice for the F1 track. Anyway, you get my point. :-)

This blog post has potential for flamewars between the lovers of BSD and Linux, and also between lovers of either of the Linux distributions. So let me emphasize that this is my personal opinion.


Why do Twitter clients use Adobe AIR?

21/06/2009 – 12:56 pm

@tkramar raised the question on Twitter (here) why every desktop client for that service seems to be built on top of Adobe AIR. That’s something I was wondering about as well. And in fact you often hear people complain: “Why AIR? Why not a native application?” Let me try to give the answer while having breakfast. ;-)


Managing Web 2.0

10/06/2009 – 06:23 pm

Somehow, all the features and increasingly popular services become more and more confusing.

Ok, everyone has Facebook (at least in English-speaking countries people would rather ask if you are on Facebook than what your phone number is). And then there’s Twitter, another way of keeping friends or customers or whoever informed about what’s going on. Plus, you need to share your favourite URLs with digg, del.icio.us, or any other social bookmarking service of your choice. And of course, you need your own blog! And a Flickr account for your photos. Did I cover all of the services a modern Web 2.0 person has to have? Probably not. But now the core question: How do you manage to keep everything up 2 date? I mean as someone who’s already got a full-time job… :D

Comments, suggestions, URLs appreciated!

Octopus — Logging Server in C#

06/06/2009 – 07:21 pm

I have to admit that I really like C#. The last 4 or 5 months, I’ve hardly touched any other programming language. And so it happened to be my first choice when I was asked to develop a “reasonably fast” logging server.

So what is this Octopus thing about? In a nutshell it’s a server which takes HTTP requests with a defined set of URL parameters, confirms receipt to the client, and then asynchronously stores the request into a database. The interesting bit is the part between accepting the request and storing it in the DB.

Basically, we’ve got three levels of storage: an in-memory queue, a flat-file buffer, and the database. The tricky thing was to optimise processing while still being fault-tolerant. I kind of managed that, I think. Octopus can (depending on the hardware it runs on) easily accept up to 2,000 requests per second, and will store them into either a MySQL or an SQLite database at the moment. Please read more about it on the Octopus website.
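The three-level design described above, as an added example in Python (not Octopus's own C# code): the request path appends one fsynced line to a spool file and answers the client; a later flush batches the queue into SQLite and empties the spool only after the commit, so a crash before the flush is replayed on restart. The table layout, the single-threaded flush and the sample hits are assumptions of this example.

```python
import json
import os
import sqlite3
import tempfile
from collections import deque


class LogStore:
    """In-memory queue -> flat spool file -> database. Single-threaded here;
    an HTTP acceptor on another thread would need a lock around the queue
    and the spool truncation in flush()."""

    def __init__(self, spool_path, db_path):
        self.spool_path = spool_path
        self.queue = deque()
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS hits "
                        "(id INTEGER PRIMARY KEY, ts INTEGER, params TEXT)")
        self.db.commit()
        self.recover()

    def accept(self, ts, params):
        """Request path: append to the spool, fsync, enqueue; only then may
        the caller confirm receipt to the client."""
        record = {"ts": ts, "params": params}
        with open(self.spool_path, "a") as spool:
            spool.write(json.dumps(record, sort_keys=True) + "\n")
            spool.flush()
            os.fsync(spool.fileno())
        self.queue.append(record)
        return True

    def flush(self):
        """Background step: one batched INSERT, commit, then empty the spool.
        A crash between commit and truncate replays the batch on restart
        (at-least-once); add a unique key on (ts, params) if duplicates matter."""
        batch = list(self.queue)
        self.db.executemany(
            "INSERT INTO hits (ts, params) VALUES (?, ?)",
            [(r["ts"], json.dumps(r["params"], sort_keys=True)) for r in batch])
        self.db.commit()
        self.queue.clear()
        open(self.spool_path, "w").close()
        return len(batch)

    def recover(self):
        """Startup: re-queue whatever an earlier process left in the spool."""
        if not os.path.exists(self.spool_path):
            return 0
        with open(self.spool_path) as spool:
            for line in spool:
                try:
                    self.queue.append(json.loads(line))
                except ValueError:
                    pass  # torn final line from a crash mid-write
        return len(self.queue)

    def count(self):
        return self.db.execute("SELECT COUNT(*) FROM hits").fetchone()[0]


def simulate_crash_and_recover(directory=None):
    """Accept two hits, flush, accept a third, 'crash' before the next flush,
    restart. Returns (rows flushed first, records recovered, final row count)."""
    directory = directory or tempfile.mkdtemp()
    spool = os.path.join(directory, "octopus.spool")
    db = os.path.join(directory, "octopus.db")
    store = LogStore(spool, db)
    store.accept(1247619000, {"page": "/a", "ref": "twitter"})  # constructed hits
    store.accept(1247619001, {"page": "/b"})
    flushed = store.flush()
    store.accept(1247619002, {"page": "/c"})
    store.db.close()                   # process dies here: no flush happens
    restarted = LogStore(spool, db)    # recover() replays the spool
    recovered = len(restarted.queue)
    restarted.flush()
    return flushed, recovered, restarted.count()
```

The fsync per request is what makes the receipt honest; without it the "flat file buffer" is just another in-memory buffer living in the page cache.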

Waking up from hibernation

26/09/2008 – 12:01 am

After years of systems administration I had completely forgotten how much I used to like developing in Java. My current employer recently gave me that opportunity. So I took ownership and responsibility to de-hibernate myself (my Java knowledge had become a bit rusty) and to start working on a project which separates the website’s business-logic layer from the database layer. That has become necessary because we want to re-design our infrastructure in a way that makes us as platform-independent and as scalable as possible.

On the one hand, we are not even entirely sure whether we’ll stick to MySQL or switch to another DB server, hence we must not use SQL-dialect-specific code within the application. On the other hand, we want to provide a SOAP endpoint internally, which allows us to access data from all sorts of applications and clearly separates the business logic of all sorts of clients from our actual data store.

In addition, caching of object structures which are mapped onto data structures (tables) would be very neat. Consequently, I suggested and started using Java with Hibernate and JAX-WS on a GlassFish application server. We might integrate an additional caching layer later. Terracotta is one of the candidates; it integrates seamlessly and can increase speed by a factor of 2 to 10.

After one week of researching, developing proofs of concept and presenting a first prototype, I am sooo excited about all that. :-)  I always loved Java, and again I remember why.

PowerDNS w/ MySQL — should have tried earlier

14/09/2008 – 10:23 pm

I was quite fed up with BIND (zonefile editing, serial number increasing, master/slave setups), so I was searching for alternatives to run master/slave DNS services. More or less randomly, I again came across PowerDNS. Again, because I have heard a couple of times that big providers quite often use it. So I decided to give it a go. On FreeBSD it’s quite easy. You just install it together with its MySQL module, activate the module in the configuration files, import the database schema, and fill it with content. A script to import BIND zone files directly into the DB (zone2sql) is also included. Couldn’t be easier.

Once you’ve set it up and got it running, you of course need a slave server as well. So all you have to do is either install another PowerDNS/MySQL instance on another machine and connect it to the same database (you wouldn’t really want to do that), or connect it to a second MySQL server, which ideally is a replication slave of the first one. Then you have a fully redundant setup and don’t need to worry about failures of either of them. All DNS record changes go directly to the master DB server and are picked up by the slave in almost real time. Plus, you don’t need to worry about serial numbers: change a record in the DB and the change is published instantly by both servers. (The SOA serial still matters if any other secondary pulls the zone via AXFR instead of reading the replicated database, and resolvers keep cached answers until their TTL expires either way.)

If you fancy web interfaces, you can either go for an open-source one or write your own. As the DB structure of PowerDNS is kept very simple, it’s easy to add/modify records via script as well. Do whatever you want and don’t worry about the stupid restrictions and configuration hurdles you used to run into with a BIND server. One caveat that comes with that freedom: whatever writes to the records table (a web form, a script) now does the input checking that BIND’s zone parser used to do for you, so bind every value as a query parameter and refuse names outside the zone being edited.
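Adding and changing records via script, as an added example (not PowerDNS's own tooling nor code from the original post): it uses a subset of the domains/records tables from the generic SQL backend schema that PowerDNS ships, with SQLite standing in for MySQL so it runs without a server; the zone name, the name servers and the validation rules are assumptions of this example. Every value is a bound parameter, a name is only accepted inside the zone it is written to, and the SOA serial is bumped in YYYYMMDDnn form for any secondary that still transfers by AXFR.

```python
import re
import sqlite3
import time

# Subset of the PowerDNS generic SQL backend schema (domains, records).
SCHEMA = """
CREATE TABLE domains (
  id INTEGER PRIMARY KEY,
  name VARCHAR(255) NOT NULL UNIQUE,
  type VARCHAR(6) NOT NULL
);
CREATE TABLE records (
  id INTEGER PRIMARY KEY,
  domain_id INTEGER,
  name VARCHAR(255),
  type VARCHAR(6),
  content VARCHAR(255),
  ttl INTEGER,
  prio INTEGER,
  change_date INTEGER
);
"""

LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(r"^(?:%s\.)*%s$" % (LABEL, LABEL))
TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "TXT", "SOA"}


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def validate(zone, name, rtype):
    """Checks a web form or script must do before touching the table.
    Returns an error string, or None when the record may be written."""
    if rtype not in TYPES:
        return "unknown record type"
    if not HOSTNAME_RE.match(name) or not HOSTNAME_RE.match(zone):
        return "invalid host name"
    if name != zone and not name.endswith("." + zone):
        return "name not inside zone"   # no writing into someone else's zone
    return None


def add_zone(db, zone, primary_ns="ns1.example.net", hostmaster="hostmaster.example.net"):
    """Create a NATIVE zone with a fresh SOA; returns the initial serial."""
    err = validate(zone, zone, "SOA")
    if err:
        raise ValueError(err)
    serial = int(time.strftime("%Y%m%d", time.gmtime()) + "00")
    cur = db.execute("INSERT INTO domains (name, type) VALUES (?, 'NATIVE')", (zone,))
    soa = "%s %s %d 10800 3600 604800 3600" % (primary_ns, hostmaster, serial)
    db.execute("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date)"
               " VALUES (?, ?, 'SOA', ?, 3600, 0, ?)", (cur.lastrowid, zone, soa, int(time.time())))
    db.commit()
    return serial


def bump_serial(db, domain_id):
    """YYYYMMDDnn: increment today's counter, or start a new day at 00."""
    row = db.execute("SELECT id, content FROM records WHERE domain_id = ? AND type = 'SOA'",
                     (domain_id,)).fetchone()
    fields = row[1].split()
    today = time.strftime("%Y%m%d", time.gmtime())
    old = int(fields[2])
    new = old + 1 if str(old).startswith(today) else int(today + "00")
    fields[2] = str(new)
    db.execute("UPDATE records SET content = ?, change_date = ? WHERE id = ?",
               (" ".join(fields), int(time.time()), row[0]))
    return new


def set_record(db, zone, name, rtype, content, ttl=3600, prio=0):
    """Replace the records of (name, type) inside zone; returns the new serial.
    Concatenating form input into the SQL instead of binding it is how a DNS
    admin page becomes an injection point."""
    err = validate(zone, name, rtype)
    if err:
        raise ValueError(err)
    row = db.execute("SELECT id FROM domains WHERE name = ?", (zone,)).fetchone()
    if row is None:
        raise ValueError("unknown zone")
    domain_id = row[0]
    db.execute("DELETE FROM records WHERE domain_id = ? AND name = ? AND type = ?",
               (domain_id, name, rtype))
    db.execute("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date)"
               " VALUES (?, ?, ?, ?, ?, ?, ?)",
               (domain_id, name, rtype, content, ttl, prio, int(time.time())))
    serial = bump_serial(db, domain_id)
    db.commit()
    return serial


def lookup(db, name, rtype):
    return [r[0] for r in db.execute(
        "SELECT content FROM records WHERE name = ? AND type = ? ORDER BY prio, content",
        (name, rtype))]
```

Against a real MySQL-backed PowerDNS, swap `sqlite3` for a MySQL driver and point it at the master DB; the replication slave and the second PowerDNS instance then pick the change up as described above.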

Distributed Data Centre in-a-box

16/08/2008 – 01:02 am

Weird title, right? Well, it’s also a weird project, which I am doing just for fun and as a kind of proof-of-concept. The idea is to build a “micro data centre” on a single VMware ESXi based machine and to fully replicate all parts of it onto another single ESXi based machine, which is located in another real data centre. That sounds easy, right? But hold on a second.


Why should you bother to use virtualisation?

10/08/2008 – 11:35 am

Be honest: You are running at least one dedicated server, and you have certainly asked yourself whether you should use virtualisation. You might have found “no” to be the answer, as you have one server for each purpose and do not plan to migrate to other hardware machines or to “sub-let” your system. That’s ok. But on the other hand, everybody likes to reduce hardware costs, or to make more of the hardware they have.

It’s a misconception that virtualisation is only interesting for so-called Virtual Private Server providers or for big companies who need to run loads of tests of their software releases on different platforms and configurations. Nor do you need a bunch of servers or a blade centre to take advantage of virtualisation. In this article I’d like to give an example of what can be achieved with virtualisation apart from those typical and well-known scenarios.


Free Virtualisation at its best!

09/08/2008 – 11:47 pm

Did you realise that VMware recently released ESXi for free? If not, get it and try it! All you need is a server with full KVM access (either over IP or locally), including the ability to mount CD images (remotely). In my case, I went for a neat SuperMicro machine from SoftLayer, which offers full KVM-over-IP with remote CD mounts (ISO images on network storage or on the client computer). But that’s not important here, although they actually offer Double-RAM/Double-Drive deals, so that I am paying only US$ 311 for a quad-core Xeon, 6 GB of RAM and 2×146 GB SAS on an Adaptec RAID controller. It’s an awesome offer, especially because they have an incredible user interface and are extremely flexible when it comes to updates/changes. Okay, okay. Enough advertising :-)

This article is about virtualisation. Caution: Long article!
