This section will contain a number of "Computer" related articles, which will change from time to time. There's no particular organization or underlying theme, except I find the subjects of interest.

A Truly Portable Laptop A Web Test Server
Security The Change to the Website Structure.
   

A Truly Portable Laptop

In my work I visit companies in many locations and have had the need to access the Internet either for e-mail of information. At first I used to reconfigure my laptop for each location but that soon became tedious and time consuming, even with the use of DHCP which I use where ever possible.

For e-mail there was also the added difficulty of finding a suitable SMTP server to relay my messages. As most of my work is done in a windows environment I used windows 95 and then 98. I have never been a believer in using one makers products exclusively and have been proved me right time and time again.

My current favourite e-mail program is Pegasus, which has the benefit of being free and also not subject to the many problems which beset Microsoft. Because I have been happy with Pegasus for a number of years I decided to see if I could set-up Mercury (David Harris's SMTP server) to run as an SMTP Relay on the laptop.

Although Mercury is simple to set-up it took a little while to configure it as an outward relay only with the domain of my mail service. Just a few trial and error attempts and I had it working in minutes. Another good point for laptop use is that it uses less than 2Mb of disk space. Now with my e-mail coming in via POP3 and my outgoing e-mail being sent directly to the destination server, I never need to change the settings again.

The next peace of independence was to install a caching DNS server. I have found that some ISP's and some companies do not maintain reliable DNS servers. Here I obtained a copy of ExtraDNS, which although not free, is quite cheap and works satisfactorily. I know that they advertise it as improving the speed of surfing, which I have found to be marginal, especially as sometimes when attempting to access a new site you may need to try twice as some browsers time-out before the address is acquired for the cache. It's main benefit though is in giving you an independent personal DNS server.

Some may not think it not necessary but it's a nice safe guard to have and that is a personal firewall. I have stopped in time some companies logon scripts from reconfiguring my laptop by having one. Here again I'm looking not to have the finest technology can supply but to have an effective defence at a modest cost so I chose ZoneAlarm. It's free it doesn't use much in the way of resources and it is effective.

Now the one safety feature I never skimp on is a virus checker, I have Norton installed on the laptop. It works well but it costs. On my personal network I have both Norton's and McAfee, I can scan any system on the network. I'm not paranoid but it is good to keep a reserve just in case something happens.

Now that gives me the portability and freedom I needed. It uses the minimum of external "host" services and frees me from having to configure all the time. There is nothing really complicated in setting up any of these except in a small way the Mercury server but it's the combination that gives the freedom to roam and plug in anywhere.

Improvements

Although these do not so much improve portability they have saved valuable disk space. I used to have MS Office 97 on the laptop but like all other MS products it uses far more disk space than it really should so I removed it and replaced it with Claris Works 5, well I suppose I should say Apple Works 5 as they own it now. It takes only a tenth of the space Office 97 did and supports more formats.

 

Linux

Having had a liking for UNIX for many years, it was great to be able to install and use Linux a few years ago. This year I installed Mandrake Linux on my Toshiba Laptop and duelboot with Windows 98se. Of course I wanted all the independence of the Windows system I had built up before. In this case though it was even easier and it all came on the three CD disks from Mandrake.

I have to say I have installed many versions of Linux and Mandrake 8.1 installs the easiest of all, however it is still some way behind MS in this and I'd say that is now just about all it is behind in. If you get a clean install the first time you are OK, if you have to fiddle, add, remove of change anything I've found that it is quicker to note your requirements and install fresh from the beginning. I'm sure that will change and probably as quick as the GUI interface has improved.

Now for the configuration, I like the KMail from the KDE desktop, it reminds me to some extent of Beyond Mail. The obvious choice for the SMTP relay is Sendmail with a relay set-up I won't pretend that this is simple, it's not but it's made a little easier by the fact that the mandrake installation has a relay set-up template.

For a caching DNS server I chose BIND and set it up to work as a caching server, this works better than the ExtraDNS under windows even though it doesn't save the cache between rebooting.

I don't currently have a personal firewall for this set-up, I'm still looking.

Top February 18, 2002

 

Security

Just a little over a week ago CERT announced that Simple Network Management Protocol (SNMP) was a security risk to many major systems.

I remember about thirteen years ago when I worked for a manufacturer of routers and other network hardware, that we were warned to be careful not to enable SNMP if there was ever to be any danger that anyone could gain unauthorized access to the network and that there was a danger even from authorized access.

The danger lies in the fact that the SNMP has no real security, it has a "community" name, that was really not a security feature but a way to differentiate between different networks. It was well understood back then that the lack of security was a danger and there were committees who were attempting to rectify this with SNMP2. I'm really surprised that there are so many organizations still using SNMP v1.

The problem however is in SNMP version 1, which has many other holes which let others than the authorized management stations have access. Even if these holes are patched it's still an inherently insecure protocol. All you need are some simple tools some of which were published by Leeds University over ten years ago, a manual of commands and the Bib's for the devices you wish to attack. Now I know it is possible that assuming that the devices are working properly you can turn off locally the access to set values but there's half of your management capability gone.

With access to a target network, a sniffer and the above mentioned tools you could do almost anything you like. I have managed some network features with command line tools, turning ports on and off, it's not difficult.

Top February 19, 2002

 

 

A Web Test Server

If yo are doing trivial web design it's possible to make changes, even add pages, upload them and then use a web browser to see the results on the live server. Of course if something goes wrong and your changes don't work, you've just shown them to the world. We all make mistakes, of all sorts even as simple as typing a word wrong. My most common it "teh" instead of "the" or adding a space in the wrong place. Spell checkers used frequently find those and others fairly well, they don't find grammatical errors or the wrong word. Some errors can be quite comical in text but in code they can be quite devastating.

As the site design becomes more complex and as more people are working on the same site, it becomes imperative to have a test server to run through the changes and check that they work and that they have not affected another part of the site in any way unintended.

I visit many sites and usually in a helpful way, if I find an error I write to the web master to point it out. The other day I found an error in a web page where there were a number of links to it within the site. I entered to the page directly, it was a form to enter my details, I filled in all the fields marked as required, pressed the submit button and up popped an error which said I hadn't filled in a field. I went back but I couldn't find the field so I looked at the code for the page, yes there was code to validate a field but no matching field. I wrote to the web master and informed him of this error, he denied that there was a problem. Well I had checked it several times so I went back the to the site and not exactly to my surprise there was the missing field on the form. Now if he had a test server he may have seen the problem before it was released, then again maybe not it was a large site and I guess the pressure of work to keep it updated may have been to much for him to do much Quality Assurance.

Back to my server, it's in a temporary home at the moment. I had my test system already loaded with linux so I put apache web server on there while I build a more permanent home on an old 486 unit. Before all of you out there start saying a 486 can't handle a web site, don't you believe it there are a number of 386's out there and no one notices, sure they would not handle the load of an eCommerce application but there are a lot of fan sites and plain ordinary sites offering various type of information quite happily. Anyway this unit is at the most going to have only about half a dozen users at any time.

It will give me chance to experiment with virtual sites/servers too. From here I may also be able to test sites which access databases, something you can't do on your local ISP's site. They don't even let you run simple CGI code. Given the possibility of building a sample database it could be possible to even develop and test eCommerce sites.

Which leads me into the changes made to this web site.

Reformatting of this sites underlying structure

At the start of this site it's purpose was to commemorate Rich, with little thought to how the site would develop. To build a context around Rich, I added the rest of the family and it went from there with the site now being planned. It soon become noticeable that to make the planning and even the splitting off elements of the site, the underlying structure needed to be changed.

Each family member now has the possibility to move their part of the site to another server without any or very little code change.each part plugs into the main page and does not depend on any other part of the site. Any part of the site can be chanted without effecting any other part. Also on the test server using virtual servers each one can have their own site identified by their own server name. very much the same way an ISP or Web Hosting service works.

I have Samba Server running too but have to install an FTP server as I'm not sure if all of the tools for web authoring will work directly, I know the high end tools will.

Top

I wonder if anyone reads these ramblings.

Return