March 25th, 2007
In response to my article about using the iptables “recent” module to fight brute-force password attacks, based on an idea from Andrew Pollock, a reader developed the idea into a complete firewall script, with configurable whitelisting, the ability to block multiple ports, and several other enhancements. Read his post for the details.
You can download his firewall script here. You can contact the author at the address meetscott at the domain netscape.net.
February 24th, 2007
It took me a while, but I got my XS4ALL UMTS subscription through their “mobile connect card”, working under Linux.
I started out, of course, with the procedure described here. That worked to the point that I was successfully authenticated and connected to the network, but then PPPD immediately complained that the modem hung up.
February 22nd, 2007
After I left my previous job I was in the market for a new laptop, so after a bit of searching I purchased a Sony VAIO SZ2XP. I’m very happy with it, although every now and then I get some doubts over whether I should have bought the TX model instead. Either way, it’s a beautiful machine, very lightweight (1.65kg) but it feels sturdier than most laptops I’m familiar with (not including those 17″, 4kg desktop replacement beasts). Very good specs, and it’s pretty much the only laptop I could find with both a PCMCIA and a PC-Express slot, which was an important criterion for me.
February 12th, 2007
Well, just in case you had a burning desire to know what OS was running on the terminals for the experimental chip-card system for public transport in Amsterdam and Rotterdam:


February 5th, 2007
Synergy lets multiple machines share a single mouse and keyboard, and makes switching between them as easy as moving the mouse from one screen to another on a multi-monitor setup. Just move the mouse off the edge of the screen, and it enters the screen of another machine, taking the keyboard with it. It even manages the clipboard, so you can copy a piece of text on one screen and paste it into a window on another machine. It’s open-source and supports Windows, Linux and the Mac.
The config program could be more intuitive, but once it’s set up it works really nifty. It’s great for working on my laptop and desktop at work, or for switching between my Mac and my Ubuntu machine at home. Which is why I hereby give Synergy the official “recommended by Martin” award.
January 14th, 2007
Like everybody who has a Linux server running an SSH daemon connected to the Internet, I regularly get attacked by people (well, botnets probably) trying to do a brute-force attack against the server. Such attempts can take many hours, during which they simply try many thousands of possible username/password combinations.
As long as you have your SSH server configured properly, the most important thing being to only allow SSH access to accounts which actually need it, this is more an annoyance than a problem. Nonetheless, it is an annoyance, if only because of all the crap in your logfiles.
There are many ways to detect and block such attacks. sshdfilter works well, and a good detailed overview of the various options can be found here. One that particularly appealed to me, however, was a very simple netfilter-based technique consisting of only two lines of iptables code. It uses the “recent” netfilter extension, and the idea of using it to combat SSH attacks was apparently first conceived by Andrew Pollock.
January 13th, 2007
“We now know that the moon is demonstrably not there when nobody looks.”
– N. David Mermin
Last Wednesday, I was in a pub with some friends. That is to say, we are no longer colleagues, yet a good time was had by all (except for the one who got drenched in beer by the newbie waitress), so I’d say “friends” would be the appropriate classifier.
A laser pointer happened to be present, and we were playing with it, so of course the conversation turned to quantum mechanics and the Einstein-Podolsky-Rosen paradox. We remembered what the paradox was about and what it was supposed to prove, but we didn’t quite remember why it was a paradox; in other words, why the hidden variables hypothesis was not an acceptable alternative to nonlocality. So I looked it up afterwards.
January 13th, 2007
My site was down for most of the day yesterday, as XS4ALL moved me to a new IP address because I am now an ADSL-only customer. The move to the new IP went smoothly enough, but I had to restart my firewall script manually, and of course the DNS records for mwolf.net and martinwolf.net had to be changed. And because I was at work, I couldn’t see to that right away.
No mail should have been lost, however, thanks to EasyDNS’s backup mail spool feature. I run my own mailserver, but there is a secondary MX record which points to a backup server maintained by EasyDNS, which caches anything sent to me while my own server is down and then forwards it when I’m up again. Great feature!
~$ dig mwolf.net mx
;; QUESTION SECTION:
;mwolf.net. IN MX
;; ANSWER SECTION:
mwolf.net. 10416 IN MX 5 mwolf.net.
mwolf.net. 10416 IN MX 10 smtp.easydns.com.
mwolf.net. 10416 IN MX 100 smtp2.easydns.com