Mathieu Blondel

If you get segmentation faults every time you run apt-get and apt-cache, try to delete /var/cache/apt/*.bin and then run “apt-get update”. It should make the trick.

I am lucky enough to own my own server at an ISP in Paris and I figured out lately that it was freaking (and I mean freaking) easy to create a SSH tunnel between it and my computer here. I just run this single command on my local computer:

$ ssh -N -D 8000 username@serverhost

It creates a SOCKS proxy server (i.e a multipurpose proxy server) listening to the port 8000 of the local machine. All communications on this port go through a SSH (encrypted) tunnel and are then transmitted to the real target by my server.

Then in the Firefox settings (or Gaim or any other client), I just have to define localhost and port 8000 as SOCKS server. It allows me to browse the web as if I were in France. Very useful (I let you guess why). I use the proxy button Firefox extension to quickly switch from using the proxy to not using the proxy.

It does not require root privileges neither on my local machine nor on the server.

Another and maybe more elegant solution is to run an HTTP proxy like Squid on the server and to bind a local port to the port the HTTP proxy is listening to. Something like:

$ ssh -N -L 8000:servertarget:8000 user@serverproxy

Of course, in this case you don’t have to define a SOCKS server but normal HTTP server in the Firefox settings.

Until recently, as an internet gateway/router/firewall/access point, I was using LEAF Bering (Linux Embedded Appliance Firewall) on a small fan-less appliance that uses a compact flash as a hard disk. It worked quite correctly but I was not happy with the fact that LEAF cannot evolve easily. It requires very specific knowledge and I felt like I was not really controlling it.

During last week-end, I felt somewhat courageous and started building a mini system based upon Debian which is a much more standard distribution and which I know much better. A requirement was that it had to be pack on a 128MB flashcard. I took some notes so I’ll describe below the steps I followed. Hope that it will help someone.

(more…)

Spammers are everywhere. After mail spam, comment spam, wiki spam, in case you didn’t know, now there’s also referer spam.

The technique involves making repeated web site requests using a fake referer url pointing to a spam-advertised site. Sites that publicize their access logs, including referer statistics, will then also link to the spammer’s site. This benefits the spammer because of the free link, and also gives the spammer’s site improved search engine link placement due to link-counting algorithms (e.g. Google’s PageRank) that search engines use.

So what can we do ? Of course the first thing to do is not to publish the site’s statistics. So for my site FFWorld, I made the access to statistics private but gave the login and pass on the site so real people can see them and Google won’t index them. Thanks to that first recommendation, you rob spammers of the only benefit they have. This is quite enjoyable.

But the fact is referer spam is a so simple technique, which only requires one little HTTP request (without the need to wait for the server response) , that it seems that even sites which don’t publish their statistics are blindly spammed. The nuisance is real for the site’s owner because it gives a bad image of the site’s traffic and referers. Currently techniques to fight referer spam involve URL blacklists, which as this link details, is an unwinnable race. So I’m left with the joy that spammers won’t benefit from spamming my site…

I personally prefer not to use mail services like gmail and manage my mails on my own server. But I receive a lot of spams everyday which is a real pain. You can use any solution you want to hide your email address, those spammers always somehow manage to get through.

Until now, I’ve been using client-side spam filtering with Thunderbird which is a simple solution but has a number of drawbacks : it uses more bandwith and above all if you read your emails via a client on another computer or via a webmail, spams are not filtered. So a few days ago, I finally installed Bogofilter on my server which turned out to be very easy. I’ve chosen this solution for its statistical approach (bayesian filtering) and because it is said to be faster than SpamAssassin (Bogofilter is written in C, SpamAssassin in Perl).

(more…)