Setting up converse.js as a web-based chat client.

  chat howto javascript web_applications xmpp prosody client html5 solutions mistakes learning_experience firewalls

As not bleeding edge, nifty-keen-like-wow the XMPP protocol is, Jabber (the colloquial name for XMPP I'll be using them interchangably in this article) has been my go-to means of person-to-person chat (as well as communication protocol with other parts of me) for a couple of years now.  There are a bunch of different servers out there on multiple platforms, they all support pretty much the same set of features (some have the experimental features, some don't), and the protocol is federated, which is to say that every server can talk to every other server out there (unless you turn that …

Read more...

Military develops firewall appliance for battlefield networks.

  software bugs cyberwar firewalls hardware iraq logic_bombs military vulnerabilities

Following battlefield tales that Hezbollah had compromised the IDF communications network during operations in Lebanon last year, defense contractors have developed Meshnet, a hardware and software firewall appliance to protect the data networks of battlefield equipment, on the chance that someone would figure out how to infect them with malicious agents of some sort in the near future. Meshnet is supposedly based upon the Sidewinder Security Appliance from Secure Computing, but includes specialized hardware that deals with the network protocols and connection gear used in the control systems of tanks, armored personnel carriers, or what have you along with anti-spyware …

Read more...

Random knowledge VIII.

  aging alerts authentication certificates colleagues dating debian firewalls friends ibm iptables keys linux logging openssh pencams pkgconfig protocols redhat rpm signatures snort software ssh stv0680 titles women work xft

You're getting old if you consider sleeping until 0900 'sleeping in'.



When configuring a firewall with IPTables you have to specify the protocol before the port number(s) in each command. Do this:

iptables -A INPUT -s 1.2.3.4 -p tcp --dport 22 -j ACCEPT

and not this

iptables -A INPUT -s 1.2.3.4 --dport 22 -p tcp -j ACCEPT

If you don't, you'll see error messages to the effect of "Unknown arg '--dport'"

When writing Snort rules, there are a few things to keep in mind. First of all, rules come in two parts: the …

Read more...

Random knowledge VII.

  acer aspire awk bios bosses configuration data_analysis fiberoptics firewalls linux postnuke redhat rpm snort stupid_users supervisors

The /usr/bin/eject utility on a Linux system is a good way of figuring out which machine has what name in the KVM when you're dealing with a rack of machines, many of which are likely to be mislabelled. Use the eject utility to open the CD-ROM drive and see what machine you're really connected to; then update the labels in the KVM's configuration appropriately.



If your fibre-optic network card isn't seeing any traffic at all, try switching the plugs on the card. Some optical network cables don't have colour-coded connectors so it's easy to plug them into the …

Read more...