Fred Cirera

The Google PageRank is a numeric value that represents how important your page is on the web. It is based on the number and quality of "backlinks" a webpage has. A high PageRank indicates that the page must be important since many sites are linking to it.

I am running two NTP servers for the project pool.ntp.org, one located in France, the second here in California. I am monitoring my servers with Munin. Munin comes with plenty of plugins to monitor the temperature of your computer, your disks, your CPU, etc, etc. It also comes with plugins to monitor your NTP daemon, but there is no plugin to monitor how much your NTP server is used. Since I am running open servers I was interested in finding out how much my servers where used.

For the few last day I’ve been working on a project to turn a Zonbu machine into a NAT Server for home and small business settings.

The Zonbu machine is a small diskless computer, with 512MB of ram, and six USB2 ports, sold by Zonbu, Inc. for only $99. For that price and the addition of a few external disks, you can make a nice little NAS Server, to store, and share your videos, music, and important documents.

The NAS appliance I am building is based on the latest FreeBSD version FreeBSD-7.0. I am planning to use ZFS for volume management. That will allow the user to configure their disk with any kind of RAID, from RAID 0 to RAID 5. You will be able to share these disks on the net with any computer from Unix to Windows.

I haven’t completely definitively defined all the features this home sever will offer yet. I guess I’ll define them ad the project advances and I get feedback.

The geeks who are interested in this project can view the configuration for the kernel I am using to boot my Zonbu machine.

In my last article I showed how to use file descriptors in shell scripts. If your shell happens to be bash you can even have a file descriptor map to a network socket.

When executing a command on a /dev/tcp/$host/$port pseudo-device, Bash opens a TCP connection to the associated socket.

Usually people don't know or have forgotten that they can open file descriptors in shell.

Open a file descriptor in shell can be useful for two things. Manipulate several input and output as the same time, and for performance.

This short example show how to send a mail with attachments using Python.
First we create a Mime container using the class MimeWriter and then the message is sent using smtplib package.

Email harvester traverse the Web looking for email signatures in web pages. In the sole purpose of building large databases of email addresses to send spam.

That's why it is always a good idea to not publish your email address on a web page, but sometime you absolutely need to be contacted and you need to post your email address.

On web pages you have no control, such as forums, blogs or commercial websites, you can use a service like KasMail [kasmail.com] to create a temporary email address. When you need to enter your email somewhere you use that temporary email address. This email address is only valid a short period of time (from few days to several month) and then it is automatically deleted by KasMail. Email harvesters will send the spam to an expired email address.

Sometimes though, you need to publish your personal email address. What you can do is to obfuscate your address so the harvesters will miss it. Here is the recipe I often use myself.

If you have a Mac, UNIX, or Linux type the following line in a terminal window, to encrypt your email address. If you have Windows installed on your computer, install a real OS.

The string "Ym9vYmFAZ3VtcC5jb20K" is your email address encoded in base 64. Enter the following line in your web pages at the place you want to enter your email address.

Voila! An email harvester will see a group of meaningless characters, and a real web browser will display your email address.

Often you have to print a file or a directory size. Here is a small recipe to print a file, or a directory size easily readable by humans.


Example:

I am a heavy user of TGCaptcha. I know that Captchas are not the best answer to the spam issue but they limit a lot of problems caused by bots that scan the web for forms.

Last week, I discovered a big flaw in TGCaptcha: it can be bypassed very easily. In this post I will explain how to easily fix the problem, while waiting for the latest version of TGCaptcha.

HMAC is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. The HMAC algorithm can be used to verify the integrity of information passed between applications or stored in a potentially vulnerable location.

For the full details on HMAC, check out the RFC-2104


Python provide some basic cryptographic services such as HMAC. The use of HMAC in python is pretty straightforward. Here is an example:



When run, the code reads its source file and computes an HMAC signature for it:



You can use HMAC in web applications to check the integrity of URLs or cookies.

Your application need to send a cookies with some information for example the login. Of course you don't want some to temper with this cookie and change the user name. One solution is to sign the cookie with an HMAC digest.

Here is a code snippet example: