Archive for October, 2007

Running Windows 2000 on SuSE 10.2 with VMware

October 14, 2007

This article consists of notes, comment, and links supporting the installation of VMware Workstation and VMware Player. My primary motivation was to run programs in Windows 2000 on a SuSE 10.2 Linux host. Read more …

Advertisements

Securing SSH with DenyHosts

October 14, 2007

The frequency of brute force attacks on SSH is increasing but can be stoped with DenyHosts for example. A simple hack starts the program only to check during a login.


Some month ago, I noticed in the log files of a server an increasing frequency of SSH attacks. The attackers obviously used scripts to try long lists of logins such as common names and standard accounts. Fortunately, I had already changed /etc/ssh/sshd_config to deny access as “root”, and to permit access only for a selected group of users:

PermitRootLogin no
AllowUsers Dave Jack Scott

This was an initial step to minimize the risk of brute force attacks. To slow down the speed of an attack I also limited the number SSH daemons:

MaxStartups 1

Unfortunately, OpenSSH does not have any mechanism build-in to stop unsuccessful login attempts that come from the same IP address. So, I started looking for other tools and found DenyHosts and SSHDFILTER interesting. I preferred DenyHosts because it uses /etc/hosts.deny to block the access from attacking IP address and did not require IPTABLES.

DenyHosts can be automatically started as cron job or can run in daemon mode. Both methods can be used to check in defined time intervals the log file for failed logins and deny access from an IP address with more failed logins than the defined threshold. The configuration file for DenyHost offers very fine-grained settings. For example, the threshold for known users can be higher than for unknown users so that the tolerance for password typos can be higher than the maximum number of unknown login attempts. Another very interesting feature is the purge option that can be used to reset the number of failed logins after a defined time interval.

Running DenyHosts in daemon mode or as cron job leaves the time interval between two scans of the log files as time window for an attacker. The log files showed that the frequency of SSH connections during an attack was about one per second. To keep the time window short it would be necessary to run DenyHosts very frequently just to secure the SSH port while SSH access is not in permanent use. I thought running DenyHost once per login to check the log file would minimize the effort and the time window for attacks.

Eventually, I found a hack to realize it. It is quit simple. I configured DenyHosts to write all blocked IP addresses in /etc/host.blocked and use it in the first line of /etc/hosts.deny. This avoids that IP addresses would be added to the end and gives /etc/hosts.blocked a high priority because TCPWRAPPER stops scanning /etc/host.allow and /etc/hosts.deny when it finds a matching IP address. All logins from not blocked IP addresses get eventually to the last line where the SPAWN option is used to start the Python script DenyHosts:

ALL:/etc/hosts.blocked
sshd:ALL:spawn python2.4 /usr/bin/denyhosts.py –purge -c /etc/denyhosts.cfg: allow

Since then the log files have shown that the access from attacking computers was denied after the defined maximum number of failed logins was reached. DenyHosts is an excellent program that even allows running an external program or script as a plug-in. This could be the next hack to keep a record of denied IP addresses for statistics because it would be interesting to know if the attackers return after their IP address is removed from /etc/host.blocked. But using DenyHosts with a threshold of five failed logins for unknown users does not allow them to run a brute force attack anymore.

Related bookmarks — absolutely del.icio.us

The OpenSSH project recently asked for donation so that the development can continue. PLEASE CONSIDER TO DONATE!

The Evolution of Bookmarking — Bookmarks, Firefox, and del.icio.us

October 14, 2007

Saving bookmarks for websites has dramatically changed during the last years. The current rapid development looks even like an evolutionary jump.

When I started saving bookmarks for websites many years ago I had only about 200 that I could easily organize in a directory with not more then three levels of folders. This served well the purpose at the time. Later I started using AltaVista to search the web. Eventually I switched to Google as primary search engine because Google’s format of the search results made it more successful to choose websites that provided the information I was searching for. The big difference was that Google’s two lines of sample text containing the search terms showed the context while other search engines at the time were lacking this critical piece of information.

When Google became popular most people saw it as a new way of getting to websites and bookmarking became a less interesting feature of browsers. All the search engines were very successful when the information I was looking for were sufficiently characterized by a few words. So, it was always very easy to find the latest version of a popular program for download. But in many cases it was impossible to get an article back that I had read a few weeks earlier if there was no specific combination of words that could be used to filter it out.

The bookmarking eventually returned but the meaning had changed. Before, bookmarks were primarily used to revisit websites but at this point in time they became for many people the permanent history of evaluated websites. It was possible to go back to an article and get the information whenever it was needed. This is different from the common history of a browser that contains just any website and a large history can make it very difficult to find a particular website.

The number of my bookmarks started growing faster than before. The effort of organizing them in a directory became eventually too much, so that the bookmarks became just a list that was lacking any kind of context. All conventional bookmark managers still try to attack this problem by reducing the effort for organizing the bookmarks in a directory. But besides the effort there was another problem of directories. It was almost always possible to place a bookmark in multiple places of the directory tree but not in a unique place. When I saved it in one directory it could be that I would search for it a few months later in a different place. This is not only true for bookmarks but also for files or any information organized in a directory. A few commercial bookmark managers addressed this problem by using a database and keywords for each bookmark. But adding bookmarks was not very practical because it required to scroll through the long list of keywords in order add a few to the bookmark.

A few years ago Mozilla introduced a search bar in the bookmarks manager. Well, it was searching the titles only and titles do not necessarily contain the context that was important to me. For example, a website with the title “The Evolution of Bookmarks” would show up in the search results when I searched for “bookmark” but it would not in a search for “Firefox”. So, the hack was to bookmark the website and to add quickly the context that was important to me, e.g. “The Evolution of Bookmarks – Firefox GUI search annotation”. This changed dramatically the way I used bookmarks. Eventually, I spent a few hours and converted most directories into this pattern. The few remaining directories are exclusively used for the bookmark sidebar that contains frequently visited websites. A directory with main bookmarks at the top level and one or two sublevels provide a visual reminder and quick access.

Saving bookmarks and adding context information helps to bring back the websites quickly when the information is needed. I started thinking about an interface that would provide the functionality needed to make adding words as context easier, less time consuming, less vulnerable to spelling errors, and remind me of words I had used before. A long list with keywords with a scrollbar was not very appealing but multiple lines of space separated words that I could click at in order to add them or to remove would improve usability I thought. Also, the bookmark should show up at the sidebar or at the bottom of the screen as soon as I load the website so that it reminds me of previous visits, provides the context I had added, and any notes I made about the website.

Well, it turned out that this wish list was partially realized in del.icio.us, an online service for social bookmarking. Joshua Schechter has designed an excellent interface to add bookmarks and enter tags as context. There is no unnecessary link or text on the interface. It provides all tags that were entered before as links so that entering by keyboard and by the mouse can be combined. Del.icio.us has the very best interface I have ever seen for a social bookmarking service. I’m sure some people will argue about that but for me the clear design of del.icio.us follows the wonderful principles of simplicity that are also used by Apple or Google. Using one of the famous bookmarklets for adding bookmarks to del.icio.us makes it very similar to saving it in the local bookmark manager.

The major difference between a tree hierarchy and tagging seems to me that looking at the hierarchy while selecting items provides some guidance in choosing the next item. This reinforces the relationships within the directory tree to some degree while the current tagging systems misses any relationship between tags – a critical issue that was also addressed in a whitepaper by Hans Reiser because it is important for the next generation of ReiserFS file system on Linux. Potential solutions to this problem include the definition of main tags and the support of tag combinations. It would be helpful if the user could define the main tags that show up in an extra line on top to reinforce the use of main categories. A second line could show the tags that have been used in combination with the selected main tag(s).

In the future, browsers will hopefully adopt the tagging of bookmarks and provide a faster response time than any web service can. Synchronizing public bookmarks with a web service such as del.icio.us could combine the advantages of local bookmark managers with social bookmarking and guaranty the privacy of bookmarks that are not public. Maybe we will see in one of the next Firefox versions a bookmark manager with an interface similar to the del.icio.us interface or even more advanced. The bookmarks in the sidebar fit more in the concept of a web panel than into the flat list of tagged bookmarks and could be separated if necessary. The integration of annotations and citations would be a big step forward. This does not mean that bookmarks and annotations need to share a database but bookmarks, tags, annotations, and website management icons for allowing software updates, allowing popup window, etc. should appear together in the user interface to show everything that is associated with a website. To show any saved information about a website as soon as the website is opened would make a big difference because it would provide reminders and annotations that can guide the browsing. What once was a bookmark manager may become the information management system that keeps together links, annotations, tags, existing copies of websites, and other meta-data. This looks very promising to me and could become the next generation of Firefox to “rediscover the web”.

Related blogs:
Rethinking the User Interface For Bookmarks — Two Different Purposes May Require Two Different Interfaces
Advanced Tagging — Hierarchical And Ordered Tags
Firefox Hacks :: Tagging Bookmarks
Firefox Hacks :: Search Simultaneously in Firefox, del.icio.us, and Archived Bookmarks
Is Yahoo going to be del.icio.us?

External articles and blogs:
Security and Privacy Risks of Google’s new Firefox Extention “Safe Browsing for Firefox”

My related bookmarks at del.icio.us

Google Print and the Society

October 14, 2007

The problem with Google Print is not the technology but that Google privately owns the digital copies of the books and is running an advertising business using these copies.

Google is working to complete the Google Print service that will make the content of many books searchable and show short citations from the books as results. There are suggestions that Google should add micropayments to Google Print and make everyone happy: users, authors, and publishers.

The problem with Google Print is not the technology but that Google privately owns the digital copies of the books and is running an advertising business using these copies. May be Google will not claim an exclusive right of ownership for the digital copies but nobody else will be able access it without Google’s permission. So, the issue is a bit different from “fair use” or “Creative Commons”. The EU got aware of the private ownership and pushes now for a public project to make the books of European Libraries available on the web. Google has already become a monopoly on the market for ads and the dependency of the society on Google search as a private service is not unlike the problems with the privatization of water. There are three independent search engines left on the market and I would not consider that a stable and sustainable system.

Amazon became an empire as well. Anybody who buys something through Amazon pays the TAX (10%). The micropayment model for Google Print would include paying the TAX to a monopoly as well. And I really mean TAX and not fee for the service because their market dominance gives them the freedom to set the price. This is not unlike the price for music downloads where less than 10% of the revenues go to the musicians. Recently, a computer journal made a transparent calculation with fair fees for the download service and kept the payment for the musicians the same. They ended up with 50 cent per download as a “fair offer”. I think the rest is a TAX to a protected business that was successful lobbying politicians to extent copyright protection more and more.

A few days ago ArsTechnica had an article about a new project: Google Base. In the report it says: “The last sentence there really speaks to what they’re after: eBay, Craigslist, and classified ads. Users will be able upload all kinds of items for sale, and you’ll be able to geo-locate them, compare them, and search them via Google.” I think it even includes Amazon’s service for used books and other items from extern sources.

It seems people start to realize the hidden price tags of monopolies like Walmart and Microsoft. Why not for Google? Is it really to early to realize the risks of Google’s market dominance? Is Google’s PR motto “do no evil” still unquestioned? I think it is time to look for alternatives beyond Google that can generate a sustainable development and without the threads of monopolies. The announcement of the Open Content Alliance to make books available on the web hosted by the Internet Archive, a non-profit organization, comes just in time. Hopefully the Open Source ideas of collaboration rather dominance will spark even more such projects in the future and the neoliberal changes in copyright will be cutback to a balance between creators, distributors, and consumers.

Update: Google Patent for User Targeted Search Results
Google has filed a patent for user targeted, or attention targeted, search results which will change the ranking of Google’s organic results per each individual user based upon that user’s search behavior, location, sites visited, and even ‘typing behavior’. Read more …

Related external articles & blogs:
Security and Privacy Risks of Google’s new Firefox Extention “Safe Browsing for Firefox”
Reining in Google — The Washington Times

My related bookmarks — absolutely del.icio.us

Google Problems and Critics

October 14, 2007

Google’s corporate PR image Do No Evil does not fit reality.

Following the news about Google it is surprising how persistent Google’s corporate PR image Do No Evil works. Many reports show that the problems are growing and that there is something wrong with Google. Read more …

Advanced Tagging — Hierarchical And Ordered Tags

October 14, 2007

Could the order of tags be a general solution for hierarchical tagging? It would be similar to relations between words within sentences or to the order of folders in a directory and without enforcing a structure.
Tagging and meta-data in general are new and very interesting approaches to handle data by adding semantic data or relations. We see currently the first generation of online services that support tagging for bookmarking, photo and other services. If you are interested to read more about tagging I highly recommend an article about del.icio.us and Flickr and a comparison between tagging (folksonomies) and hierarchies (directories).
Common for the first generation of tagging systems seems the use of flat tags that do not have a hierarchy or any relationships to each other. I guess everyone who has used tagging for a while has noticed that the lag of relationships between tags is a limiting factor. For example, the meaning of “social bookmarking software” and “bookmarking social software” is very different. In one case “social” is associated with “bookmarks” and in the other case with “software”. So, the problem is that a search for “social+bookmarking” shows both items.
Hans Reiser has discussed this problem of relationships between tags in a very interesting whitepaper about name spaces because it is important for the next generation of file systems that will provide mechanisms for tagging or other meta-data. He proposes a solution that uses a special character to define hierarchical tags, e.g. “subject/strike to/elves from/santa”. But is this solution consistent with the general concept? I mean would a bookmark with the hierarchical tags “computer/hardware” be listed under hardware? I’m not sure what to expect because is doesn’t look like a familiar metaphor.
I wonder if ORDERED TAGS would be a more general and simple solution for hierarchical tagging. It would be very intuitive because it is very similar to writing sentences in a string of tags, e.g. “development software social bookmarking.” All tags in this order could be searched as flat tags. But I could also search for ordered tags: “social bookmarks”. The tags “social” and “bookmarks” needs to be in this order but can be at any position within the string of tags. In Hans Reiser’s example I could search for “to elves”+”subject strike”. A disadvantage of not using an operator that explicitly defines a relationship is the risks of getting items with unintended tag orders. But I think, examples of search results from Google, Yahoo, etc. show that unintended word orders have a low practical relevance.
A more complex search system could even support wildcards to search for ordered tags beyond neighbors. For example, I could search for a bookmark with the ordered tags “computer hardware video card” with “computer * video”. Or I could use a small set of tags as main categories and place one, two, or more tags of the main categories in the most left positions within the string of tags. The search term for the first main tag could be “^computer”. Well, I could go on with examples for regular expressions to search for computer and computers at the same time because tagging systems (folksonomies) tend to be inconsistent or different users have used different tags for the same thing, e.g. socialbookmarks, social_bookmarks, social-bookmarks.
A well ordered set of tags could even be equivalent to a well-defined directory structure, e.g. “computer hardware CPU shopping budget”. But the big advantage is that I can use ordered tags as well as flat tags to search for items. A special character to explicitly define a hierarchy or relationship between tags could be useful if necessary but should be optional and not enforced nor should it hide one or more tags of the hierarchy.
Update: Recently, I posted a script to search bookmarks that can search for ordered tags when regular expressions are used.
Related bookmarks – absolutely del.icio.us

Firefox Hacks :: Tagging Bookmarks

October 14, 2007

The hack is a simple but powerful guideline that makes use of bookmarks search in Firefox.

Many Firefox users hope that tagging of bookmarks will be implemented very soon. But very few seem to realize that bookmarks search in Firefox can be used as simple tagging system:

  • Bookmark a website,
  • Go in the opened dialog window to the end of the tittle field, and
  • Add a separator code plus the tags.

For example, when I would tag this blog I would expend the title “Firefox Hacks :: Tagging Bookmarks” to “Firefox Hacks :: Tagging Bookmarks – tips tricks howto”. The tags Firefox, hacks, and tagging are not necessary because they are already in the title. Typing “tips” in the search field of the bookmarks manager lists all bookmarks with “tips” in the title including the bookmark for the Firefox hack.

I’m using this simple hack since the Mozilla browser has the function to search bookmarks because I quickly realized that the titles of websites are frequently not very descriptive or that I need to associate the website with projects I was working on. The free association with projects and ideas is actually an important issue that will always require some manual editing. It is not necessary to organize the bookmarks in folders. They can just remain in a flat list because I retrieve the bookmarks with the search function.
Related blogs: Advanced Tagging — Hierarchical And Ordered Tags
Firefox Hacks :: Search Simultaneously in Firefox, del.icio.us, and Archived Bookmarks
The Evolution of Bookmarking — Bookmarks, Firefox, and del.icio.us

My related bookmarks at del.icio.us …

Firefox Hacks :: Improve the Usability of the Bookmarks Manager

October 14, 2007

Opening the bookmarks manager with keywords avoids problems with big bookmarks lists and Flat Bookmark Editing makes the bookmarks manager to an active workspace.

The handling of bookmarks in the current versions of Firefox results in some annoyances when the number of bookmarks reaches several hundred or thousand bookmarks. For example, Firefox does not respond for several seconds after the mouse pointer came across the bookmarks menu because it is putting all bookmarks into the menu.

Fortunately, the user interface of Firfox and other Mozilla-based browsers can be opened from the URL bar:

chrome://browser/content/bookmarks/bookmarksManager.xul

I saved it as a bookmark, opened the bookmark properties, and entered as keyword “bm”. Since then I have never used the menu again because it is much fast to press Control-L (to activate the URL bar), enter “bm”, and hit the Enter key. A double click on a bookmark opens the website in the same tab. But it can be opened in a new tab when the Control key is pressed while double clicking. This keeps the bookmarks manager open and saves time when the bookmarks manager is used more frequently.

The second major improvement in usability was to install the Firefox extention Flat Bookmark Editing (screenshot). It works like a tool in Photoshop that stays open instead of being opened and closed with every change. This type of permanent dialog window is always very useful for any continuing editing processes. Saving bookmarks without changing anything has been the primary use in the past. But adding and changing tags or meta-data requires a better editing process. The lower effort for editing is very beneficial for the active use of bookmarks. Flat Bookmark Editing makes changing tags or short notes much quicker. I hope Firefox will soon have a sidebar like Flat Bookmark Editing that loads all information simultaneously with the website and would be a very effective annotation tool.

Related blogs:
Firefox Hacks :: Search Simultaneously in Firefox, del.icio.us, and Archived Bookmarks
Firefox Hacks :: Tagging Bookmarks
The Evolution of Bookmarking — Bookmarks, Firefox, and del.icio.us

My related bookmarks at del.icio.us …

Rethinking the User Interface For Bookmarks — Two Different Purposes May Require Two Different Interfaces

October 14, 2007

Bookmarks are useful as FAVORITES in a menu for quick access to websites and as a large INDEX of marked websites with valuable content.
The reasons for saving bookmarks have evolved with the development of the web. Currently, there is a lot of discussion on the web about tagging of bookmarks. The discussion has two primary reasons: 1) frustrating experiences with organizing large amounts of bookmarks in directories, and 2) new online services for sharing tagged bookmarks within a community. It seems all users of online services for tagging of bookmarks, photos, etc. would like to have a new bookmark manager that supports tagging and can synchronize the local bookmarks with the online service. However, I think the necessary rethinking of the interface for bookmarking is not only a decision between hierarchy and tagging paradigms.
The redesign of graphical interfaces for bookmarks must address two different purposes. One is a menu for quick access to websites and the other is a personal index of marked websites. Both concepts are important for the interaction with the web and have been kept in one interface over time. But it may be better to have two separate interfaces.
The menu’s purpose is fast access to frequently visited websites. In principle, its function is similar to program menus or to sidebars with collapsible groups of items or submenus. Both have a very simple directory structure that provides not only the items but serves also as an visual reminder for the items and their shortcut keys. Menus and sidebars with the most frequently used bookmarks on the top level and a few more grouped in submenus or folders are good examples for this concept. The name FAVORITES emphasizes the concept very well that has been very beneficial for organizing a limited number of bookmarks in my sidebar.
Bookmarks without the high visibility in the sidebar or in the menu are a “permanent history” of marked websites. This personal INDEX contains bookmarks that have been saved because they were interesting or valuable. Searching this INDEX can provide pre-selected information very quickly. Tagging seems a perfect tool to categorize these bookmarks for the INDEX in a very flexible, quick, and simple way. Important for the interface of the INDEX are quick adding of bookmarks, simplified editing (e.g. Flat Bookmark Editing), and fast search for tags and text (title and description).
My own bookmarks file has the FAVORITES at the beginning of the bookmarks file to be visible in the sidebar and the INDEX as long flat list of tagged bookmarks below the FAVORITES. Unfortunately, this structure has affected the response time of Firefox (details) and it is not useful at all to have a large file of bookmarks listed in the menu nor in the sidebar. To solve this problem and to tailor the interfaces for FAVORITES and the INDEX more specifically to their purpose it seems reasonable to have separate user interfaces for the FAVORITS and the large INDEX. I’m sure if their data should be separated but it may be easier to have a file for the FAVORITES that just contains titles and URLs in the order of the menu while the content of the bookmarks is saved in the INDEX.
Important for the FAVORITES is that bookmarks can be manually ordered and that folders can be used to organize and collapse groups of bookmarks. The FAVORITES could contain dynamic or “LiveFolders” for dynamic search results of the INDEX, e.g. a selection by tags using a link structure chrome://browser/content/bookmarks/bookmarksPanel.xul?search=favorites+firefox. But the primary purpose needs to be visual feedback and quick access to websites. The manual order of bookmarks can be as important as in regular menus.
Important for the INDEX is the excellent support for tagging and Flat Bookmark Editing (screenshot). A new but very useful concept for entering tags are “tag clouds” combined with dynamic recommendations as the del.icio.us POST interface (screenshot) demonstrates. I hope very much that some time soon we will have for the sidebar a form like Flat Bookmark Editing and that opening a website loads simultaneously the bookmark when available so that I can change tags and make notes and annotations. This type of tools that do not require to open and close a dialog became very common for graphical editing, e.g. Photoshop, Gimp. Firefox’s Find in websites and in bookmarks as well as Flat Bookmark Editing demonstrate how this concept of avoiding dialog windows can improve the usability of web browsers too.
A redesign of the user interfaces to add, edit, and use bookmarks is a great opportunity to introduce new concepts and increase usability. Improved user interfaces for bookmarks including “dialog-free” annotations of websites could result in an interesting tool for information management and may pioneer the way we will use tagging and other meta-data in the future.
Related blogs:
The Evolution of Bookmarking — Bookmarks, Firefox, and del.icio.us
Firefox Hacks :: Improve the Usability of the Bookmarks Manager
Firefox Hacks :: Tagging Bookmarks
Firefox Hacks :: Search Simultaneously in Firefox, del.icio.us, and Archived Bookmarks

My related bookmarks at del.icio.us …

Firefox Hacks :: Search Simultaneously in Firefox, del.icio.us, and Archived Bookmarks

October 14, 2007

A simple script searches for one or more terms in Firefox, del.icio.us, and archived bookmarks files. The script presents the results in Firefox using Netscape’s standard format for bookmarks.

At the time I realized that the size of my bookmarks file was slowing down the response time of Firefox/Mozilla I decided to split the file. I moved a large fraction of the bookmarks I want to keep as a permanent history of selected websites to an archive without changing the format of the bookmarks. The Firefox bookmarks file contains since then the newest bookmarks and the permanent favorites on the very top to be shown in the bookmarks sidebar.

Searching the bookmarks and their tags in the archive (permanent history) required a script I wrote in BASH to use it on Linux systems. The script searches for one or more words in the archive, in the Firefox bookmarks file, and in the backup file of my del.icio.us bookmarks. So, all bookmarks can be searched from one place.

Installation:

  • Download the script;
  • Put it in your ~/bin directory or where ever you have your scripts;
  • Change its permissions to make it executable; and
  • Configure all paths and file names of your bookmarks files.

If you’re using KDE I recommend to open the mini-command line (Alt-F2) and type for example: bms Firefox<Enter>. This is very similar to using keywords in Firefox. The search results are shown in a new tab in Firefox. For del.icio.us bookmarks is the response time much shorter than on the web. The del.icio.us backup files can be downloaded from del.icio.us/setting/<YourLogin>/export. But the backups contain the notes of each bookmark as multiple lines below the bookmark. You can use this perl script to convert it to a file with one line per bookmark.

If you like to see a list of all bookmarks with Firefox keywords search for SHORTCUTURL. With regular expressions for the search, you can try ordered tags, e.g. bms “tags:.*social.*bookmarks”, and many other powerful search terms.

Related blogs:
Firefox Hacks :: Tagging Bookmarks
Advanced Tagging — Hierarchical And Ordered Tags
The Evolution of Bookmarking — Bookmarks, Firefox, and del.icio.us

My related bookmarks at del.icio.us …