Until a couple of days ago I wasn’t aware that postfix could filter mail it receives as a backup MX the same way it can for domains it hosts directly. Once I realized it could, I added some of my filtering to the domains I back up mail for as well. This has produced a significant drop in the emails I’m processing and a significant increase in the emails I’m rejecting. This is illustrated best by these 2 graphs:
incoming and outgoing emails

and

rejected and bounced emails
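
Here, as an added example that is not part of the original post, is what giving the relayed domains the same filtering looks like in Postfix terms, plus a small log check. The domain names, map file paths and the RBL are placeholders I picked; the parameters themselves are standard Postfix. The point for anyone running a backup MX: if the secondary accepts anything addressed to the relay domain and checks less than the primary does, the lowest-priority MX becomes the easy way in, and mail for unknown users turns into bounces sent to forged senders. `relay_recipient_maps` lets the backup reject unknown users at RCPT time, and the same `smtpd_recipient_restrictions` apply to relayed and local domains alike. The second function counts smtpd rejects per recipient domain from mail-log lines, so the before/after shown in the graphs can be read per domain; the lines in `sample_log` are constructed for the example, not real traffic.

```shell
#!/bin/sh
# Added example, not from the original post. The domains, map paths and
# the RBL are placeholders I chose; the postconf parameters are standard.

# Give backup-MX (relay) domains the same recipient-time filtering the
# primary domains get. Without relay_recipient_maps a secondary MX accepts
# mail for any address in the domain and bounces the bad ones later
# (backscatter); without the client/recipient checks it is a filter bypass.
apply_backup_mx_filtering() {
    postconf -e 'relay_domains = hash:/etc/postfix/relay_domains'
    postconf -e 'relay_recipient_maps = hash:/etc/postfix/relay_recipients'
    postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org'
    postmap hash:/etc/postfix/relay_domains hash:/etc/postfix/relay_recipients
    postfix reload
}

# Count smtpd rejects per recipient domain from mail log lines on stdin,
# so the effect on each relayed domain can be compared before and after.
count_rejects() {
    awk '/postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject:/ {
            if (match($0, /to=<[^>]*>/)) {
                addr = substr($0, RSTART + 4, RLENGTH - 5)
                n = split(addr, parts, "@")
                dom[parts[n]]++
            }
         }
         END { for (d in dom) print d, dom[d] }' | sort
}

# Constructed log lines in Postfix's smtpd format (not real traffic).
sample_log() {
cat <<'EOF'
Apr 28 10:15:02 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Apr 28 10:15:03 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<x@example.net> to=<bob@backup.example> proto=ESMTP helo=<x>
Apr 28 10:15:09 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <nobody@backup.example>: Recipient address rejected: User unknown in relay recipient table; from=<y@example.net> to=<nobody@backup.example> proto=ESMTP helo=<y>
Apr 28 10:16:11 mx postfix/smtpd[2108]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.1.8 <z@nxdomain.invalid>: Sender address rejected: Domain not found; from=<z@nxdomain.invalid> to=<alice@primary.example> proto=ESMTP helo=<z>
Apr 28 10:17:40 mx postfix/smtpd[2110]: 3F2A1B0: client=mail.example.org[192.0.2.20]
Apr 28 10:17:41 mx postfix/cleanup[2111]: 3F2A1B0: message-id=<20080428@mail.example.org>
EOF
}

# On a real box: grep postfix/smtpd /var/log/maillog | count_rejects
```

Running `sample_log | count_rejects` prints `backup.example 2` and `primary.example 1`; the accepted message and the cleanup line are ignored. `apply_backup_mx_filtering` needs a Postfix install and the two map source files to exist, which is why the log check is kept separate from it.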

I can’t point to what exactly put the idea in my head, but I decided a few weeks ago to set up a water barrel to capture rain water from my roof and use it to water my food/herb plants when possible. To that end I acquired 2 15-gallon barrels from a seller on ebay. The important thing to look for when getting your barrels is that they were only used for food grade contents. My barrels formerly held olives, or so said the listing on ebay. After they arrived a sniff of them confirmed this was the case. Here is what they look like:
rain barrel - 1

Once I had my barrels I needed to set them up to capture water running off the roof and for the one barrel to overflow into the second. Thankfully there are lots of guides online to help you figure out how to do this. I can’t point to using any one specific one because I read a bunch of them and used the knowledge gained to build my own.

The first thing I did was drill 2 holes in each barrel. The first hole was drilled low to allow water out for my irrigation:

rain barrel - 2

The 2nd hole was drilled high to allow overflow to be handled in a controlled manner:

rain barrel - 3

After I had drilled the holes I needed to put the appropriate hardware on the barrels to allow them to drain out water in a controlled manner. For the lower hole I used this:
rain barrel - 4
and to control the water coming out I added a normal faucet end like you might find for your garden hose:
rain barrel - 6
For the upper overflow I used slightly different hardware; it looks like this:
rain barrel - 6
For both holes I used some general purpose caulk to make sure that everything was sealed.

Since this is DIY the fit on the faucet wasn’t perfect, but it is functional.
rain barrel - 7

The next step was to cut a hole in the lid of the main barrel to allow rain water to enter it from the downspout. To re-direct the downspout I used a flexible attachment from my local hardware store.

In order to filter out anything larger that might wash off the roof into the barrel I added a normal window screen over the top. This also acts as a screen to prevent mosquitoes from laying eggs in the standing water. Here is the final setup:
rain barrel - 8

That hose connecting the two barrels is just a normal washing machine hose. And since I used the overflow on the 2nd barrel to accept overflow from the first barrel, I added a 2nd overflow to that barrel. Another thing I did was drill a couple of holes in the lids of both barrels so rain water won’t collect there.

In doing some tests with my soaker hose and normal hose I found that the barrels don’t have enough pressure to make these effective. So next up on my to-do list is to use a smaller hose and punch some small holes in it in a targeted manner to water just where I’ve planted.

April 29th, 2008
Upgraded

I’m now up to date and current with Wordpress 2.5.1 installed.

On the Envision Baltimore google group the topic of the Charles Street Trolley has re-surfaced. While I am not opposed to this I have a crazy idea for a street car that could be quickly and easily put in place and do something crazy like making Metro (the subway) more useful.

Here’s my idea. Install a street car that runs down Broadway from the Johns Hopkins Hospital Metro Stop to the Broadway Pier in Fells Point. It is a short run of just 1 mile (so a 2 mile roundtrip). Here’s the route:

Broadway Street Car route

As I see it here are the pros of my idea:

  • cheap (relative to a longer run)
  • short length ensures frequent service even with just a couple cars
  • connects Metro to Fells Point via rail
  • connects Metro to the water taxi (via the street car line)
  • opens Fells Point up to lunch traffic from Hopkins Hospital
  • eases parking needs for Fells Point
  • connects Fells Point to the Center City via rail (yes you need to transfer but with frequent service on the street car it wouldn’t be so bad)

and the cons:

  • if MTA gets involved
  • charging too much for the streetcar (in my mind a quarter for the trip seems fair and will encourage more ridership)

April 16th, 2008
Colorado Springs

Is a pretty nice place. We had wonderful weather yesterday and got to go check out the Garden of the Gods park, which is right down the road from where I am working this week. We knew it was going to be picture worthy, to the extent that a co-worker had us drive across town so he could buy a new digital camera to take pictures. Here are some of my better shots from yesterday:

PICT1241
PICT1257
PICT1279
PICT1294
PICT1311
PICT1314
PICT1323

I’ve been playing with lighttpd for use on servers that need to have a web server but not the bulk of Apache. So far I’ve been very happy. There have been small bumps like getting php to work (the php binary should report ‘(cgi-fcgi)’ not just ‘(cgi)’), but other than little things like that it works great.

One thing I would like to use lighttpd for is to allow an end user to resync a hardware token via a website rather than having a login on the server. To that end I wanted to enable client certificate authentication with lighttpd.

Sadly the latest build of lighttpd (1.4.19 as of this writing) doesn’t support this out of the box. Thankfully there is a patch available. First download lighttpd, then the lighty-clientvalidation-1.4.x.2.patch file.

Next:

cd lighttpd-1.4.19

then apply the patch:

cat ../lighty-clientvalidation-1.4.x.2.patch | /usr/local/bin/patch -p0

now:

./configure --with-openssl=/usr/local/ssl/

finally:

make install

Your lighttpd daemon will now support client cert authentication, provided you configure lighttpd.conf correctly. This is fairly simple; just add the following lines:

ssl.ca-file                 = "/etc/lighttpd/cacert.pem"
ssl.verifyclient.activate  = "enable"
ssl.verifyclient.username   = "SSL_CLIENT_S_DN_CN"
ssl.verifyclient.enforce   = "enable"
ssl.verifyclient.depth     = 2

Restart lighttpd (or start it for the first time). With a cert signed by the CA you included above you can access the SSL server; without it you get rejected.
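
Before pointing real users at this it is worth checking the two settings that most often bite: ssl.verifyclient.depth has to cover every intermediate between the client cert and the root, and ssl.ca-file has to contain those intermediates as well as the root, or valid clients are rejected. The script below is an added example, not part of the original post or of lighttpd; it builds a throwaway root -> intermediate -> client chain with the openssl command line (all names and paths are placeholders I chose), checks the chain offline exactly as the server would, and carries a probe function for a running server.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a throwaway two-level
# CA (root -> intermediate -> client) so the ssl.verifyclient.* settings
# can be checked before anything touches the patched server. All names and
# paths are placeholders I chose.
set -u

make_test_pki() {
    dir=$1
    mkdir -p "$dir"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"

    # Root CA, self-signed
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Test Root CA' \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -newkey rsa:2048 -nodes -subj '/CN=Test Intermediate CA' \
        -keyout "$dir/inter.key" -out "$dir/inter.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$dir/inter.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -extfile "$dir/ca.ext" -out "$dir/inter.pem" 2>/dev/null
    # Client certificate; its CN is what lighttpd exports as SSL_CLIENT_S_DN_CN
    openssl req -newkey rsa:2048 -nodes -subj '/CN=alice' \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$dir/client.csr" -CA "$dir/inter.pem" -CAkey "$dir/inter.key" \
        -CAcreateserial -out "$dir/client.pem" 2>/dev/null
    # A self-signed certificate with the same CN, issued by nobody we trust
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=alice' \
        -keyout "$dir/rogue.key" -out "$dir/rogue.pem" 2>/dev/null

    # What belongs in ssl.ca-file: the root AND the intermediate, otherwise
    # clients signed by the intermediate fail verification at the server
    cat "$dir/root.pem" "$dir/inter.pem" > "$dir/cacert.pem"
}

# 0 if the cert chains to the CA file within the given depth, else non-zero
chain_ok() {
    openssl verify -CAfile "$1" -verify_depth "$3" "$2" >/dev/null 2>&1
}

# The CN the application will see as SSL_CLIENT_S_DN_CN
client_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Against a running lighttpd: with enforce enabled the handshake itself
# fails when no certificate is presented, so the second request shows an
# SSL error instead of an HTTP response.
probe_server() {
    host_port=$1; dir=$2
    printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -connect "$host_port" \
        -cert "$dir/client.pem" -key "$dir/client.key" -CAfile "$dir/cacert.pem" -quiet
    printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -connect "$host_port" \
        -CAfile "$dir/cacert.pem" -quiet || echo "rejected without client certificate"
}
```

Usage: `make_test_pki /tmp/pki`, install `/tmp/pki/cacert.pem` as the ssl.ca-file, then `probe_server host:443 /tmp/pki`. `chain_ok /tmp/pki/cacert.pem /tmp/pki/client.pem 2` succeeds, the same call with depth 0 fails, and `chain_ok /tmp/pki/root.pem /tmp/pki/client.pem 2` fails because the intermediate is missing from the CA file, which is the misconfiguration the depth and ca-file settings above guard against. For the token-resync page the lesson is that SSL_CLIENT_S_DN_CN is trustworthy only because the server verified the chain; the application should take the user name from that variable and never from anything the client sends in the request.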

Up next: how to import the cert into Camino (Firefox and Safari/OS X’s Keychain were cake, Camino is proving problematic).

April 8th, 2008
New Water heater

My new water heater was installed in 2 hours this morning. That included the time it took to remove the old one. The comment from one of the plumbers when we removed the insulation blanket to reveal the old water heater was “Wow, that’s old”. So I’m probably lucky it lasted as long as it did. Now I can take hot showers, run the dishwasher, and wash my clothes in something other than cold water.

So when you walk down to the basement and find water on the floor near the hot water heater you can’t just ring up the landlord and have them fix it. And of course this happens on a Saturday before you’ve invited friends over for dinner.

I’m lucky that it was not a catastrophic failure but merely a small leak. As such I was able to deal with shutting it down and draining it without much trouble. The task of dealing with getting a new one on the weekend was something I decided to forego though. I have an alternate location I can shower for the next day or two, and not rushing it will allow me slightly more time to figure out what I want to do. Minimally I will replace the current water heater with the most efficient one I can get. I’m also toying with getting a tankless system. That will largely depend on whether my plumber can deal with that and/or the overall cost.

And to add to the bad timing I can’t deal with having one installed Monday since I have a meeting I HAVE to be at in the middle of the day. I also can’t ask Danielle to take a day off and help because she has to be at work too. So I probably won’t get a new unit installed until Tuesday (provided the plumber can do it that quickly).

[update]
Oddly enough the hot water heater in Danielle’s apartment has failed in a very similar fashion this weekend (we discovered this tonight). Luckily she rents so a call to the apartment complex will probably result in a new hot water heater installed tomorrow.

On Tuesday I emailed (via the online Sun store) asking if a given CPU spare comes with a heatsink or not. Here is what I sent:


I am considering purchasing AMD Opteron Model 2210 dual core processor for
Sun Fire X2200 M2 x64 server ( part #: X5283A-Z ) to add a 2nd CPU to my
SunFire x220 m2. However I need to know if this item includes a heatsink
for the CPU. The item description does not note if it does.

The response I got was this:


It would be beneficial to speak further with a Sun representative in regards to a cost analysis and technical aspects
of this system. I will need to gather some preliminary information from you.

Please provide your complete contact information, address, email, phone, professional title, primary function and
OS for the system, and your purchase timeframe.

I will then have our Sun representative follow up with you as soon as possible.

This is the same behavior I experienced last year when looking to purchase from Sun. In the interim I actually provided feedback and participated in a customer feedback session with Sun (and they paid me) that directly related to this from last time. While the web store has improved since then, this behavior is not an improvement. I think my next course of action is a physical letter to Mr. Schwartz.

March 20th, 2008
banner grabbing code.

Today I got an itch to grab banners from services. I didn’t immediately find any code to do exactly what I wanted. I did find code to do something more than I wanted. Here is that code: http://packetstormsecurity.org/UNIX/scanners/banner.c. It is much more full featured than I wanted, as it will scan multiple IPs and ports grabbing the banners and doing some simple logic to determine if they might be vulnerable. So I spent a little while this afternoon and hacked it up to just grab the banner for a single IP and port combination. Not being very creative I named my derivative work banner2.c. Here’s the code:


/* Name: banner2.c v0.9
* hacked up by: pjohnson@bosconet.org
* original code by Author: Cyber_Bob
* Made: Code Crusader 2.1.4 (very l33t scr1pt maker, y0 ;)
* Compiled: linux 2.2.16 i686 (slackware 7.1)
* gcc version egcs-2.91.66
* gcc banner2.c -o banner2
*
* ------------------------------------------------------------------------------
* Release Notes:
*
* This version is a big improvement over the last version. Some added features
* are the ability to scan a range of hosts and it will look for keywords in
* banners to check for a possible entry point for breakin. I've also been told
* it works good for reporting Wingates which prove ever useful on IRC. Also, it
* has the ability to recognize certain ports daemons by name (RFC Standards).
* If a possible vulnerable daemon is found you must strike enter before the scan
* will continue. Look for logging options in the next version. As of right now
* I am only testing idea's. There is also a delay in microseconds between
* connections to each port, this options is #define'd at 500000 (half a second)
* by default so you can watch the output scroll by without much effort. For a
* simple method of logging I added a "< !>" event at the beginning of lines that
* signal a possible risk (I like to call it the attention mark) for easy parsing
* of a command like:
*
* pjohnson hack:
*
* I wanted a simpler tool to just grab the banner on a given tcp port
* the first one I found was Cyber_Bob’s banner.c . It works great but is MUCH more
* full featured than I wanted. So I took his fine work and stripped it down to what
* I wanted. This is the result…..to run:
*
* ./banner2 127.0.0.1 22
*
* ——————————————————————————
* [Shoutz] #NuKeZ , #OutLaw , #Assassins , and #twlc cr3w’z
*
* [Shoutz/People] ^Paladin^, Sleep, L^WaRrioR, DePhAzEr, Dark, skalore,
* Jackery, firebird1, trunck, Cyber_Egg (stupid ass bot),
* h1kari, Sleep, soulFate, CommPort5, RizzDog, ScuzleBut,
* sgxxxxxxxxxxxxxxxxxxxxx (lots of leet x’s ;P), n0th,
* t03tag, USSR Labs (just cuz they dissed marc of eEye ;),
* VIRILATOR, evilgh0st, Phear, anybody else I forgot and
* deserves to be in here..
* ——————————————————————————
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#define VERSION "1.0 beta"
#define DELAY 500000

char data[1000];
int sock, p1;
unsigned long start, ctr;
struct sockaddr_in sa;

int main(int argc, char *argv[]) {
    ssize_t n;

    if (argc != 3) {
        printf("\nUsage: %s <ip> <port>\n", argv[0]);
        exit(1);
    }
    start = inet_addr(argv[1]);
    if (start == INADDR_NONE) {
        fprintf(stderr, "bad IPv4 address: %s\n", argv[1]);
        exit(1);
    }
    p1 = atoi(argv[2]);
    if (p1 < 1 || p1 > 65535) {
        fprintf(stderr, "bad port: %s\n", argv[2]);
        exit(1);
    }

    /* left over from the range scanner: skip .0 and .255 host addresses */
    ctr = ntohl(start);
    if ((ctr & 0xff) == 0) ctr++;
    if ((ctr & 0xff) == 255) ctr++;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(p1);
    sa.sin_addr.s_addr = htonl(ctr);

    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock < 0) {
        perror("socket");
        exit(1);
    }
    if (connect(sock, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        perror("connect");
        exit(1);
    }

    /* read at most sizeof(data)-1 bytes so the banner is always NUL-terminated;
     * a service that waits for the client to speak first blocks here (no timeout) */
    memset(data, 0, sizeof(data));
    n = read(sock, data, sizeof(data) - 1);
    if (n < 0) {
        perror("read");
        close(sock);
        exit(1);
    }
    data[n] = '\0';
    printf("host: %s port: %d banner: %s\n", argv[1], p1, data);
    close(sock);
    usleep(DELAY);

    return 0;
}


© 2007 bosconet.org: chocolately writings | iKon Wordpress Theme by TextNData | rakCha web directory