March 25, 2008 at 23:34 | categories: security

As I wrote in December 2006, the RBL at ordb.org has been shut down. Judging from the nameserver traffic, there are quite a few who didn't react to the shutdown notice. In fact so many that the traffic is quite significant. From today, they're sending a wakeup call to admins who haven't fixed their configurations yet.
The result of still using relays.ordb is likely to be the blocking of all mail.

UPDATE: More details here.

ordb is shutting down

December 19, 2006 at 00:24 | categories: security

Today the Open Relay DataBase announced that they are shutting down, have already removed all the listings from the zone and will be removing their website at the end of the month.
For some people it happened very suddenly, but I know the guys and they've been talking about shutting down for more than a year. That it happened now was just a result of some external factors, forcing them to either do a fair amount of work now or just finalise the long awaited shutdown. A look at their New and fixed relays statistics shows that there really hasn't been much change in a very long time. That might hint towards there not being enough open relays to care, but the graph below shows that there still is a fair number of open relays out there. As an ordb user, I've not seen many spams originating from open relays in the last couple of years, but it will be very interesting to see if the more than 200k open relays won't tempt spammers...
Slashdot coverage. As always, slashdot seems to attract some "interesting" comments like these.
Heise writes: Anti-Spam-Datenbank ORDB streicht die Segel.
UPDATE: The story makes it to AP.

[Graph: ordb relaycount]

Opensolaris user groups

October 29, 2006 at 23:42 | categories: sun, security, solaris

Thursday night I went to the first meeting of the Netherlands Opensolaris User Group.
The program was quite interesting (even if I only understood half of it). Both Bart Muijzer and Casper Dik spoke in Dutch but at least their slides were in English so that I think I might have understood the important parts and only missed most of the jokes. The one joke I didn't entirely miss was the one about why they chose NLOSUG rather than NOSUG. The main talk of the night was Darren Moffat talking about opensolaris development and zfs crypto. The zfs crypto project looks very interesting and I was quite pleased to hear that many of the hard bits in the implementation of an encrypted filesystem have already been identified and are being handled in the implementation. I hope Darren will soon manage to get some code online because I think this code has the potential to become one of the most solid implementations of an encrypted filesystem and by using the Solaris crypto providers, support for hardware acceleration and key storage should be simple.
The turnout was quite impressive with something like 60 people there.
The trip there and back again was a bit more interesting than I had planned. First was a 1:30 train ride through Utrecht to Amersfoort and then the fun began. I'd looked at the usually quite practical 9292ov site and found that the last bit of the way from the station was supposed to take around 30 minutes involving 2 buses and a fair bit of walking as well. Rather than having to deal with that, I opted for the 45 minute walk that viamichelin suggested. Note to self: not all routes suggested by them for walking are good - a sidewalk would have been a nice feature rather than having to walk the grass at the roadside. The walk back to the station was a lot less eventful, although I'd have preferred a map with slightly more detail than the whole city in 2x2 inches. The usual trick of checking that you're headed in the right direction by looking at the maps in bus stops also failed because for some reason they had taken away the detailed maps from every stop I passed leaving only a large map with less detail than my own. Other than that, it was quite uneventful, I got some good exercise and was back at my place by 1:30.

Saturday I met up with a couple of friends and went to Bof day and was quite impressed by the turnout at the opensolaris bof. For some time I've been talking to a friend about starting a DK OSUG, but we were still in the early planning stages because Solaris isn't all that widely used in Denmark and most of the opensource activities in the Copenhagen area seem to be either Linux or BSD. The turnout at the bof and the enthusiasm and curiosity displayed by the people there have made us rethink the whole thing and we've started looking at the possibility of doing an evening with a couple of introductory presentations and a sort of installfest. Watch this space and announcements going to opensource.dk for more details. The bof day also had sessions about virtualisation and tuning of live systems where we got to talk even more about opensolaris.

Flying the unfriendly skies

September 24, 2006 at 22:36 | categories: security, misc

Today's PC and Pixel predicts a bleak future for airline travel.
It all fits pretty well with the wondermark comic I wrote about.
I wonder how long this can go on before people have had enough? I for one don't much fancy the idea of flying to .us and I'd absolutely refuse to go there via .uk.

Root free httpd on Solaris

September 19, 2006 at 21:21 | categories: httpd, security, solaris

As I was playing around with Sun Studio 11 and trying out different compile options on httpd, I bumped into the old problem of not being allowed to bind port 80. In usual circumstances I'd just switch to a port above 1024, but why not use Solaris privileges instead?

The usual error:
(13)Permission denied: make_sock: could not bind to address

Finding the missing privilege:
# ppriv -eD ./httpd -k start

httpd[12474]: missing privilege "net_privaddr" (euid = 100, syscall = 232) needed at tcp_bind+0x631

As root add the missing privilege:
# usermod -K defaultpriv=basic,net_privaddr apache
# grep apache /etc/user_attr

Start httpd as the apache user and you're done.

Of course there's a lot more to it than just handing out privileges, but you can find much more in the Roles, Rights Profiles, and Privileges section of the System Administration Guide: Security Services.
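
The steps above can be scripted so that nothing beyond what the debug output names is added to the account. This is an added example, not part of the original post: it parses `ppriv -eD` "missing privilege" lines and prints the matching `usermod` command for review instead of running it. The function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a defaultpriv value from `ppriv -eD` debug output.
# SAMPLE_LOG is constructed; its first line is the one quoted in the post.
SAMPLE_LOG='httpd[12474]: missing privilege "net_privaddr" (euid = 100, syscall = 232) needed at tcp_bind+0x631
httpd[12475]: missing privilege "net_privaddr" (euid = 100, syscall = 232) needed at tcp_bind+0x631
httpd: an unrelated startup message'

# Print each distinct privilege named in "missing privilege" lines on stdin.
missing_privs() {
    sed -n 's/.*missing privilege "\([a-z0-9_][a-z0-9_]*\)".*/\1/p' | sort -u
}

# Build the value for `usermod -K defaultpriv=...`: the basic set plus only
# the privileges the debug output reported as missing.
defaultpriv_value() {
    privs=$(missing_privs | tr '\n' ',' | sed 's/,$//')
    if [ -n "$privs" ]; then
        printf 'basic,%s\n' "$privs"
    else
        printf 'basic\n'
    fi
}

# Print (do not run) the command, so each privilege can be reviewed before
# it is granted as root. Reads the debug output on stdin.
suggest_usermod() {
    user=$1
    printf 'usermod -K defaultpriv=%s %s\n' "$(defaultpriv_value)" "$user"
}

printf '%s\n' "$SAMPLE_LOG" | suggest_usermod apache
```

On a real system the input would be the captured debug output of `ppriv -eD ./httpd -k start`, run as the unprivileged user.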

