Mathieu’s log

In order to install a wireless connection in my mother’s laptop, I used an old Netgear PCMCIA wireless card of mine. However, I faced the problem that when clicking on the home network in the list of available networks in NetworkManager, WPA encryption wouldn’t come out as a possible encryption method, although the network IS using WPA. The solution was to flash the card’s firmware. You can find an excellent how-to here but here’s a quick summary of what I did (assuming the interface is wlan0).

# apt-get install hostap-utils
$ wget http://www.red-bean.com/~proski/firmware/Latest-prism.tar.bz2
$ tar xvfj  Latest-prism.tar.bz2
$ cd Latest-prism/
# prism2_srec -f wlan0 -O /proc/net/hostap/wlan0/pda primary-FLASH/pk010101.hex secondary-FLASH/sf010804.hex

You can run the following command before and after the firmware upgrade to check that the firmware version was upgraded correctly:

# hostap_diag wlan0

I’m giving my old laptop to my mother so that she can browse the web, write emails and chat over instant messaging and I wanted to replace Debian with Ubuntu. However, the cdrom no longer works and the mother board doesn’t support booting from an USB drive. One solution is to add an entry to your bootloader pointing to a netinstall vmlinuz (here called linux) and initrd.gz and choose that entry at boot in order to perform the netinstall. You need an Internet connection over a LAN network with a DHCP server. All the details are available here.

I own a Macbook on which I’ve been running Linux 99% of the time for over a year now. Although a Macbook is not necessarily the best choice to run Linux, I made that decision because installing Linux on a Macbook is very well documented. However, as far as you can get, it’s always difficult to get a configuration you are 100% happy with (no subwoofer support, flaky suspend…). With recent advances in virtualization technologies, both in software and hardware, I’ve been willing to test running Linux and Windows (the guest OSes) inside Mac OS X (the host OS).

(more…)

If you get segmentation faults every time you run apt-get and apt-cache, try to delete /var/cache/apt/*.bin and then run “apt-get update”. It should make the trick.

I am lucky enough to own my own server at an ISP in Paris and I figured out lately that it was freaking (and I mean freaking) easy to create a SSH tunnel between it and my computer here. I just run this single command on my local computer:

$ ssh -N -D 8000 username@serverhost

It creates a SOCKS proxy server (i.e a multipurpose proxy server) listening to the port 8000 of the local machine. All communications on this port go through a SSH (encrypted) tunnel and are then transmitted to the real target by my server.

Then in the Firefox settings (or Gaim or any other client), I just have to define localhost and port 8000 as SOCKS server. It allows me to browse the web as if I were in France. Very useful (I let you guess why). I use the proxy button Firefox extension to quickly switch from using the proxy to not using the proxy.

It does not require root privileges neither on my local machine nor on the server.

Another and maybe more elegant solution is to run an HTTP proxy like Squid on the server and to bind a local port to the port the HTTP proxy is listening to. Something like:

$ ssh -N -L 8000:servertarget:8000 user@serverproxy

Of course, in this case you don’t have to define a SOCKS server but normal HTTP server in the Firefox settings.

Until recently, as an internet gateway/router/firewall/access point, I was using LEAF Bering (Linux Embedded Appliance Firewall) on a small fan-less appliance that uses a compact flash as a hard disk. It worked quite correctly but I was not happy with the fact that LEAF cannot evolve easily. It requires very specific knowledge and I felt like I was not really controlling it.

During last week-end, I felt somewhat courageous and started building a mini system based upon Debian which is a much more standard distribution and which I know much better. A requirement was that it had to be pack on a 128MB flashcard. I took some notes so I’ll describe below the steps I followed. Hope that it will help someone.

(more…)

Spammers are everywhere. After mail spam, comment spam, wiki spam, in case you didn’t know, now there’s also referer spam.

The technique involves making repeated web site requests using a fake referer url pointing to a spam-advertised site. Sites that publicize their access logs, including referer statistics, will then also link to the spammer’s site. This benefits the spammer because of the free link, and also gives the spammer’s site improved search engine link placement due to link-counting algorithms (e.g. Google’s PageRank) that search engines use.

So what can we do ? Of course the first thing to do is not to publish the site’s statistics. So for my site FFWorld, I made the access to statistics private but gave the login and pass on the site so real people can see them and Google won’t index them. Thanks to that first recommendation, you rob spammers of the only benefit they have. This is quite enjoyable.

But the fact is referer spam is a so simple technique, which only requires one little HTTP request (without the need to wait for the server response) , that it seems that even sites which don’t publish their statistics are blindly spammed. The nuisance is real for the site’s owner because it gives a bad image of the site’s traffic and referers. Currently techniques to fight referer spam involve URL blacklists, which as this link details, is an unwinnable race. So I’m left with the joy that spammers won’t benefit from spamming my site…

I personally prefer not to use mail services like gmail and manage my mails on my own server. But I receive a lot of spams everyday which is a real pain. You can use any solution you want to hide your email address, those spammers always somehow manage to get through.

Until now, I’ve been using client-side spam filtering with Thunderbird which is a simple solution but has a number of drawbacks : it uses more bandwith and above all if you read your emails via a client on another computer or via a webmail, spams are not filtered. So a few days ago, I finally installed Bogofilter on my server which turned out to be very easy. I’ve chosen this solution for its statistical approach (bayesian filtering) and because it is said to be faster than SpamAssassin (Bogofilter is written in C, SpamAssassin in Perl).

(more…)