Geek Style

Here is why:

[root@hpc:~]# make mistake
make: don't know how to make mistake. Stop

Note the disk size, used space and free space.

[server:/usr] # df -h
Filesystem    Size   Used  Avail Capacity  Mounted on
/dev/ad0s1a    36G   1.8G    32G     6%    /
devfs         1.0K   1.0K     0B   100%    /dev

I noticed that today is the first birthday of this blog.
I don’t know why did I start this blog, may be just to test MovableType. And it was not a serious blog at the beginning, but now, it makes me feel bad if I do not write for a couple of days.

By the way, did you see that “Resume” ( read: Hire me! ) self-advertisement on the right pane of this blog?

According to Macworld, security firm mi2g has analyzed different operating systems including BSDs, OSX, Linux and Windows. The results are impressive:

The world’s safest and most secure online server Operating System (OS) is proving to be the Open Source family of BSD (Berkley Software Distribution) and Mac OS X based on Darwin.
It’s also claimed that Linux has become the most breached online server OS in the government and non-government spheres for the first time, while the number of successful hacker attacks against Windows-based servers have fallen for the last ten months.

Go ahead and read the complete article.

If you already know Java or Perl and want to learn Python, Mark Pilgrim’s Dive Into Python is a great learning material. Beside that, I love my reference book, “Python: The Complete Reference“.

For those who don’t know what is Python, I suggest asking people who know what is Python.

Javelin is my new friend. We are going to spend a lot of time together for next couple of months. What me and Javelin have in common is that we both love UNIX and can’t live without it. Javelin is going to help me improve my experience with SUN stuff.

The basic problem with Javelin was finding spare parts in local market which are hard to fine here. Finally after months of struggling with different dealers I could find a 21″ monitor, a used “Type 4″ mouse and keyboard, and PGX frame-buffer card.

I forgot to mention that Javelin is a SUN Enterprise 250 ( 2 x UltraSparc II 400 Mhz ). The codename for this server is Javelin. It is out of production since 1998, but it is still a monster for what I am planning to do. With 2MB of Level2 cache for each processor it really beats any Intel server (not really, it won’t, but it is very fast).

The first thing after setting up the hardware was to install Solaris 9 on it. I haven’t had the chance to play with it yet, but I am planning to try FreeBSD on it (it is supported).
I am going to do a performance test between Solaris 9 and FreeBSD 4.9 and also a Benchmark between a Dual Processor Intel machine and this Dual UltraSparc, sometime soon.

Bad news for FreeBSD community is that Greg Lehey has resigned from core team. I am not going to mention that what important thing he has done for the project. The main concern is that unfortunately more and more smart guys are leaving the project which is a bad sign.

This is what I am using in real world and it is working just fine.



What you need?

• FreeBSD: As your server operating system as I do
• Postfix: As MTA which is seriously the best MTA I know. Available in ports tree at /usr/ports/mail/postfix
• McAfee AV for Unix: While Symantec’s is the best in Windows, McAfee shines in Unix. It’s commercial, but worth to try. Available in ports tree at /usr/ports/security/vscan
• F-Prot: I use it as secondary virus scanner. Available in ports tree at /usr/ports/security/f-secure
• clamav: My tritary virus scanner. It is free, and like others is available in ports tree at /usr/ports/security/clamav
• amavisd-new: A fast and flexible wrapper for anti-spam and anti-virus software with easy integration with your MTA. Install it from /usr/ports/security/amavisd-new
• SpamAssassin: You can’t live without it. It will be automatically installed by amavisd-new, but you can find it at /usr/ports/mail/p5-Mail-SpamAssassin anyway

After installing above piece of softwares (I assume you know how to cvsup to latest tree and install software from ports in FreeBSD), read through this excellent how-to that learn you to integrate the amavisd-new wrapper into Postfix.
The wrapper will automatically utilize SpamAssassin as spam scanner and will find installed antivirus softwares to scan incoming messages. If you have more than one anti-virus installed, it will detect and use all of them.

Keep your antivirus signature database up to date. For McAfee vscan you can do it using ports tree by keeping /usr/ports/security/uvscan-dat up to date.

clamav has its own utility (freshclam) to keep the database up to date:

[root@server ~] # freshclam
ClamAV update process started at Tue Feb 17 23:20:11 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 133, sigs: 741, f-level: 1, builder: tomek)
Database updated (20728 signatures) from database.clamav.net (202.134.0.71).
[root@server ~] #

There is a nice script that could be extracted from mailscanner called f-prot-autoupdate that can update your f-prot signature database.
I suggest update your virus database via cron on a daily basis.

After configuring amavisd-new, run it in debug mode and check if eveything is in correct place. This can be done by running “amavisd -debug” command.

I didn’t go into details, assuming that you know how to setup a mail server and what is spamassassin. The integration how-to has enough details to make things work together.
My mail server with almost the same configuration (I am using DNSBL’s as well) is blocking 99% of spam and almost 99.9% of viruses which is very good for a combination of free softwares.
If you are looking for a piece-of-cake and commercial solution, I may suggest PureMessage by ActiveState (now part of Sophos), but I really don’t like their antivirus due to personal reasons.

I hope these explanations help you to harden your e-mail security which is a vital part of every business.

Using Markovian algorithm instead of Bayseian classification, CRM114 claims a higher accuracy level in catching spam emails.

Accuracy of the SBPH/BCR classifier has been seen in excess of 99 per cent, for 1/4 megabyte of learning text. In other words, CRM114 learns, and it learns fast

Don’t miss their slides (presented in The 2004 Spam Conference) that contains good resources and information for impatient readers.

When I was just thinking of porting putty to FreeBSD, someone else has done it.

Thanks to dinoex AT FreeBSD DOT org for acting this fast!