1. March 2, 2003
2. March 3, 2003
3. March 4, 2003
4. March 5, 2003, Wednesday
5. March 6, 2003, Thursday
6. March 7, 2003, Friday
7. March 8, 2003
8. March 9, Sunday
9. March 10, Monday
10. March 11, Tuesday
11. March 12, 2003, Wednesday
12. March 13, 2003, Thursday
13. March 14, 2003, Friday
14. March 15, 2003, Saturday
15. March 16, 2003, Sunday
16. March 17, 2003, Monday
17. March 18, 2003, Tuesday
18. March 19, 2003, Wednesday
19. March 20, 2003, Thursday
20. March 21, 2003, Friday
21. March 22, 2003, Saturday
22. March 23, 2003, Sunday
23. March 24, 2003, Monday
24. March 25, 2003, Tuesday
25. March 26, 2003, Wednesday
26. March 27, 2003, Thursday
27. March 28, 2003, Friday
28. March 29, 2003, Saturday
29. March 30, 2003, Sunday
30. March 31, 2003, Monday

Dates and Descriptions

March 2, 2003

Created Hotmail accounts for testing of James, in particular, the problem concerning the delivery of multiple emails to hotmail accounts. This problem was brought to our attention by Robert Grundy. The hotmail accounts are as follows (e.g. [email protected])

    ella1111, ella1357, ella2468, ella3579, ella7531

All accounts have a password of 'bacibaci'

It is possible to deliver mail to the accounts using the 'raw' SMTP protocol by connecting to a server like 'mx3.hotmail.com' where the number after the 'mx' part could be 1,2,4 etc, on port 25. The 'Putty' application can be used for this by selecting the 'raw' protocol option. For yahoo you could try 'mx1.mail.yahoo.com'.

Specific error messages for James when delivering mail can be found in /usr/bin/james/apps/james/logs/mailet.log

An archive containing questions and answers for the James Mail Server can be found at www.mail-archive.com/[email protected]

An email was sent through James successfully to the hotmail accounts listed above using Outlook express and a comma separated list of email addresses.
The answer to the James multiple hotmail delivery problem is possibly that if one incorrect email address is present for a particular destination (eg hotmail) then James fails to deliver any of the emails for that particular destination. However James does successfully deliver mails in the same 'batch' to other destinations (such as yahoo).

It is possible that in a sense this is a hotmail problem. For example, when multiple recipients are specified using raw SMTP protocol to somewhere like mx3.hotmail.com, if one of those recipients is not valid, then it appears that none of the recipients will receive the message. According to RFC 821 and RFC 2821 this appears to be incorrect behaviour. Yahoo Mail for example does not have this problem. It delivers to the valid addresses even if one of the mailboxes is not valid. However, an SMTP mail server could overcome this problem by sending the message to each mailbox individually, which James apparently does not do.

Wrote small Java program to check hotmail accounts. It is located at /root/checkhotmail.class but it only works on Windows (!) Perhaps this is the readLine() method of the BufferedReader class. It is possible that the line separator property for Unix needs to be set in order for the readLine() method to work properly.

March 3, 2003

Researching security problems for the 'local server'. Examining the Debian Security How-to/ Manual. There are Debian tools, such as 'nessus' which launch attacks against a Server Computer in order to evaluate how vulnerable that machine is.

March 4, 2003

Not much, thinking about the vi editor.

Discovered 'netcat', invoked as 'nc' which is a network analysing tool which allows scripts to make TCP connections.

March 5, 2003, Wednesday

Working on FTP security:

Discovered 'netcat', invoked as 'nc' which is a network analysing tool which allows scripts to make TCP connections.

Have noted an extremely large amount of stuff in the syslogs which looks dubious. It looks roughly like this.
    Mar 5 19:20:03 www sm-msp-queue[22513]: h21BU1gk005619: to=postmaster, delay=4+06:50:00, xdelay=00:00:00, mailer=relay, pri=55566438, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar 5 19:23:01 www /USR/SBIN/CRON[22517]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi)

It is probably generated by the 'james' mail server but why?

Created a directory /var/guest-ftp-setup/ which is a mirror of the /home/vanessa directory which nick created to setup guest ftp. The /var/guest-ftp-setup/ directory has the same permissions and ownerships as the /home/vanessa/ directory.

Created a shell script which automates the process of establishing a guest ftp login account. This script is located at /usr/local/bin/make-ftp-guest and can be invoked as (from any directory)

    make-ftp-guest theUserName

March 6, 2003, Thursday

I am investigating the possibilities of 'sslwrap' to deal with the problem of a secure ftp connection. There is a Debian package for this and reasonably OK information.

From reading of the www.wu-ftpd.org mailing list archives it appears that version 2.8 of wu-ftpd will support ssl (or TLS?) but that this is not a stable version yet. The 'local server' is running version 2.6.2

www.landfield.com/wu-ftpd/mail-archive/wuftpd-questions/2002/Aug/0119.html has a list of ftp clients which support secure ftp (ssl/tls)

The secure ftp problem is solved very simply; The sshd daemon, which is already running, includes support for the Secure Copy Protocol (SCP). All that is required is a Microsoft-windows client that is able to connect to the sshd server. Two good clients are available. The 'Putty' psftp command line client, and the WinSCP GUI client (which appears to be based on the putty client).
The WinSCP client can be found at winscp.vse.cz/eng/ and the putty client can be found at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

All access to the 'Local Server' as the 'root' user should be made using these clients rather than a standard ftp client connecting to the wu-ftpd server. The normal users of the 'local server' can continue to connect using the 'wu-ftpd' server, since their passwords are not as critical to the security of the system.

March 7, 2003, Friday

Not much. Am looking at the cvs system, and whether the 'Local Computer' has a cvs server currently running. The Alexis Code needs to be moved into a cvs system.

Other things to do: create a swing applet/ application to look up the validity of Hotmail Email Addresses.

Type 'info cvs' for the main cvs user documentation or type 'lynx /usr/share/doc/cvs/html-info/cvs.html' for an html version.

March 8, 2003

In order not to have to use the -d switch with the cvs checkout command, you need to set the CVSROOT environment variable. The question I have is, where is the best place to set this variable?: In the .bashrc file for each user, in the /etc/profile 'system wide' file, or somewhere else?

Summary of importing code into cvs and setting up a module. This process was extracted from the cvs manual (cederqvist). Lines beginning with a 'hash' are comments or non literal instructions.

    #-- Set up the CVSROOT environment variable so that you don't have to type
    #-- '-d /var/lib/cvs' every time you use a cvs command. The CVSROOT variable
    #-- tells the cvs client where it is to find the cvs 'repository', which is
    #-- where files and their versions histories are kept.
    CVSROOT=/var/lib/cvs
    export CVSROOT
    #-- The above lines only work for the current login session. The
    #-- CVSROOT environment variable is not set for future sessions.

    #-- change directory into the top level directory where your code
    #-- directory structure resides.
    #-- For example,
    cd /alexis
    cvs import -m "Some Comment" directory/path/within/repository YourCompanyName SomeTag
    #-- The directory path mentioned above should not contain a leading forward
    #-- slash (it needs to be a relative directory path). If the directory path
    #-- within the repository does not already exist then it appears to be automatically
    #-- created when you issue this command.

    #-- Check out the Repository modules file 'modules' with
    cvs checkout CVSROOT/modules
    cd CVSROOT
    #-- Text edit the 'modules' file to add a line like
    #-- yourModuleName repository/relative/path/to/code
    #-- Now, commit the changes to the modules file with
    cvs commit -m "Some Comment about what you have done" modules
    #-- Now, get rid of your working copy of the CVSROOT directory
    #-- (This can't be done when you're actually in that dir, obviously)
    cd ..
    cvs release -d CVSROOT

Now you can checkout a working copy of the code with

    cvs checkout yourModuleName

In other words you don't need to worry about the directory structure within the cvs repository. This assumes that you are working on the same machine as the cvs repository. See below if this is not the case.

To set up the cvs server (to allow for cvs access across a network or across the internet), do the following, roughly:

Add a line to /etc/inetd.conf referring to the pserver

Restart inetd with

    kill -HUP <process id>

Create a file /var/lib/CVSROOT/passwd with one line such as

    anonymous:

This will need to be changed to stop any old person making changes to the Alexis code over the internet. Look at the actual file to see a better way to do this.

Try connecting from a different computer with

    cvs -d :pserver:[email protected]:/var/lib/cvs checkout geocities

where geocities is a test module which matthew set up.

Created two accounts for the cvs pserver (which is the client/server version of cvs, in other words the accounts to be used when accessing the 'local server' computer from across the network or across the internet.)
The two accounts are

    nicko n1ckn1ck
    matthew bacibaci

The cvs server can be accessed with the following command line

    cvs -d :pserver:[email protected]:/var/lib/cvs login

To create these accounts, I had to cut and paste an encrypted password from the /etc/shadow file (since we are using 'shadowed' password, otherwise it would be the /etc/passwd file). I used the 'adduser' program to generate the encrypted password, even though it was not necessary to actually add a user to the system in order to use cvs. See the 'cederqvist' manual for more details.

All this appears to be working in Netbeans as well, by using the menu items 'versioning/mount version control/cvs' and then following the steps of the wizard. The 'Connection Method' Box of the Wizard is the most tricky. Leave the connection method as 'password server'

    Server Name = ella-associates.org
    User Name = nicko
    Repository = /var/lib/cvs
    port = 2401 (no need to change this)
    password = as supplied elsewhere

March 9, Sunday

Not much

March 10, Monday

Not much. NetBeans OpenApi familiarisation

March 11, Tuesday

xml and Netbeans research

March 12, 2003, Wednesday

Not much, fixed network card dongle connection. Looked at the chakirya server source code.

March 13, 2003, Thursday

Updated this file.

An unusual Apache quirk: the default document for a directory, for example 'index.html', gets 'cached' by the web-server, so that even when you change the index.html file, or delete it, the changes are not apparent, unless the user specifically requests the document by name, e.g. www.ella-associates.org/index.html. Requests to www.ella-associates.org/ will yield the old document. I presume this is a feature rather than a bug.

This is a strange problem. I even tried restarting the server with 'apachectl restart' but the old index.html file is still being served by the web-server. It just won't go away.
When I put an index.html file in the 'test' subdirectory, the same thing happens but after it is deleted it eventually goes away. Could this be some odd client side problem with Internet Explorer refusing to not cache the document? Who knows. This situation is especially odd considering that I have changed the index.html file for the document root directory /var/www/ before.

March 14, 2003, Friday

A wild guess: could the problem above have something to do with Tomcat?

Installed 'vim', an enhanced version of 'vi'

The network card connection for this computer is slightly dodgy. Sometimes it is necessary to lightly press downwards on the network card connector in order to get it to work, or even to balance a not-too-heavy object on the connector cord. The network card connector relies on a kind of 'pincer' action on the network card connection in order to work. But the gap between the two sides of the 'pincer' is now slightly wider than it should be, hence the problem.

The Apache caching problem is incredibly infuriating. In MS Internet Explorer, in the menu,

    tools-->options [general tab, temporary internet files box] -->settings-->check for newer version of pages-->every visit

By setting this option, the situation is improved slightly, but the old index.html is still being served.

Created a file 'ella-associates.org/docs/resources.html' which contains some url links to resources related to the Alexis project.

Created some basic filter scripts in /var/www/utils/ to turn text into html

In the /etc/rc files there are references both to apache and to apache2. This does not seem wise. How does the operating system know which daemon to start up at boot-time?

Created an apache password file at /etc/apache/passwd/ella-members-passwords. This is for allowing http access to the /var/www/internal/ directory.
Created users 'nick/n1ckn1ck', 'matthew/bacibaci', 'robert/r0br0b/', 'marcus/marcus'

Created a password protected directory tree at http://www.ella-associates.org/internal/

The index.html file for http://www.ella-associates.org/ has finally actually been 'registered' by Apache. I really have no idea why. In other words the problem which I have been referring to, at length, about how the 'index.html' file which was served by the Apache Server was old, not up-to-date, and in some cases didn't even exist any more, that problem, has now mysteriously gone away.

Created a set of filter scripts in the directory /var/www/utils/ which turn various types of text documents into html documents. Some of these filters are 'diary2html.sh', plaintext2html.sh, and linkdoc2html.sh. The filters also add links to the Google automatic translation engine for Spanish, French, Italian, German, and Portuguese.

March 15, 2003, Saturday

Installed pretty good privacy, pgp on the Almetlla De Mar laptop. The outlook express plugin does not appear to be working but it doesn't really matter. I used the 'network associates' pgp, version 6.5 something I think. And I got it from http://www.pgpi.org/

Played tennis with Alex. Lost 6-3.

Created a 'quick guide' to pgp for any other ella person who needs to install it

March 16, 2003, Sunday

The problem referred to above about apache or MS I.E. not serving the most recent versions of pages, seems to intermittently re-occur.

Tried to start the telnetd daemon from within inetd, by enabling the telnetd line in /etc/inetd.conf and doing a 'kill -HUP 1496' to restart inetd. The telnet daemon started and permitted a login but on successful login says 'cant execute /etc/ftponly'

I wanted to start the telnetd for the purpose of debugging the DNS set-up. I probably don't need telnet to test dns anyway. The 'dig' tool is better.
Am reading the DNS Howto which is at http://www.tldp.org and at http://langfeldt.net/DNS-HOWTO/ But, it's not very helpful about how DNS works, and it's written in poor English with plenty of mistakes. Nevertheless it is useful.

March 17, 2003, Monday

Ill, didn't work

March 18, 2003, Tuesday

Ill, didn't work

March 19, 2003, Wednesday

Started the document /var/www/docs/the-ramble.txt. This is supposed to be a simple explanation of Alexis ideas aimed at somebody like Marcus.

James Info: to manage use 'telnet localhost 4555' and login with 'root' and 'jimi57'

March 20, 2003, Thursday

Still sick

March 21, 2003, Friday

Still sick. Made email users 'mail' and 'webmaster'

Made a summary of the Chakriya source code with the following command-

    (echo "<html><body><h1>Chakriya Source Code</h1>";
     for f in *.java; do
       echo "<h4>$f</h4>";
       cat "$f" | indent | /src-highlite/bin/source-highlight.exe --src-lang java --out-format html;
     done;
     echo "</body></html>") > all.html

March 22, 2003, Saturday

Still ill. Investigating the Chakriya Source Code further. Added slightly to the document 'ChakDoc.txt' which is an attempt to document the Chakriya Server, but is still very rudimentary.

Using the 'curl' tool to investigate the Chakriya Server from the command line. I am having difficulty actually working out the xml syntax or dtd for the requests. This syntax can be obtained from the 'output' windows of the Alexis Client Application

It seems possible to communicate with the Chakriya Server with something like

    curl -d "<alexisRequest><login-request><blah></blah></login-request></alexisRequest>" \
      www.ella-associates.org/alexis/alexisServer

This is obtaining a response from the server, sometimes an empty <alexisResponse> tag and sometimes a Stack Trace server error, if an illegal tag is introduced.

March 23, 2003, Sunday

Not much

March 24, 2003, Monday

Working on security breaches that Mustafa ([email protected]) has found.
Mustafa appears to have been able to enter the 'local server' through the ftp server and appears to have been able to enter each of the guest accounts. He does not appear to have gained root access, but was able to upload files.

Investigating Nick's problem of the javascript tree view component. At www.treeview.net there is a good example of a pure javascript treeview component that seems to work well, but there is no xml data-binding kind of capability, although it should be reasonably straightforward to write something to do that.

March 25, 2003, Tuesday

Made a user 'webdeveloper/webdeveloper' whose home directory is /var/www/. This was to allow josephine to work on the 'ella-associates.org' site. However this is probably not the best or most secure way of doing this.

The security problem seems to be that the ftp server is allowing anonymous ftp, and a script that I wrote, 'make-ftp-guest' had a bug in it that chrooted all guests to the /home directory instead of to the /home/[username] directory. This could be the reason that Mustafa was able to put files in everybody's home directories.

Prevented anonymous ftp access to the 'local server'. Also prevented access for the 'root' user.

March 26, 2003, Wednesday

The 'enter/return' key on this laptop is becoming unresponsive (has improved since).

Created a small email program set-up how-to for ella-associates.org which is at http://www.ella-associates.org/alexis-info/docs/ella-email-how-to.html

March 27, 2003, Thursday

Created a set of backup scripts at /usr/local/bin such as 'backup-ella-web.sh' and 'backup-cvs-repository.sh'. These scripts backup the ella-associates.org website and the local-server cvs repository respectively. They also 'rotate' the previous backup copies.
These scripts are scheduled in the /etc/crontab file to run automagically at certain intervals (approximately once every 2 days in the early morning)

My documentation pages and alexis information have been moved to http://www.ella-associates.org/alexis-info/

March 28, 2003, Friday

Expanded the document 'javascript-treeview.txt'. Continuing to investigate the use of javascript tree-view components in a web-page.

March 29, 2003, Saturday

More Java/Script Tree View Component Research. Going to a meeting in Barcelona with Nick tomorrow, 5pm

March 30, 2003, Sunday

Went to a meeting in Barcelona. Did not work.

Some of the things suggested for me to do were:

    Implement an IDE Auto-updating feature for Alexis
    Implement a schema validation for Nick XML tag editor.
    Implement Colors for the tag editor.
    Implement some chat system or discussion forum for Alexis.
    Investigate XML Databases.
    Send the pgp how-to link to everybody in the 'team'.
    Send the XML explanation link to everybody.
    Set up 'grapevine.ella-associates.org' and 'language.ella-associates.org' (possibly not urgent because they won't be used immediately.)
    Do the necessary massaging of the Lexicographical test data so that it can be inserted into Alexis.
    Investigate a Tomcat 'glitch' which appears to stop large numbers of accesses in very short periods of time. This behavior was reported by Nick.

March 31, 2003, Monday

Returned from Barcelona. Did not work

Miscellaneous
-------------------------------------------------------------------

www.insecure.org
    The home site for the nmap port scanner and a good general security site.

important directories
    /var/www/ the root for documents served by the Apache Web Server.

A Command Line to send an email through James using 'Blat' (on Windows). This command sends whatever message the user types at the command prompt (ending with ^Z) and displays the responses of the server.
    blat - -t [email protected] -plain -u matthew -pw bacibaci -debug

A simple example of an nroff (groff) document is available in the 'vi.advanced' vi tutorial document. Also included is the command line to process the nroff document.

To connect to the Alexis Server on the 'local computer' use the url string www.ella-associates.org/alexis/alexisServer

To restart the inetd server, (according to a cvs mailing-list archive) you can type 'kill -HUP <inetd process id>' where the stuff in angle bracket is not taken literally. Get the process id by typing 'ps -el'

The 'ispell' program can do a spell check of html documents (and xml) using the -h switch.

To get basic linux help type 'info Cookbook'

To view mysql docs at the console type 'mysqldoc'

XWindows KDE Font size configured in main menu --> control center --> look and feel --> fonts

For setting up the DNS Bind package, see the Linux Network Administrators Guide.

Some 'vi' tricks, and the briefest of survival guides. Yes 'vi' is the work of the devil. Install 'vim' for more powerful commands such as interactive batch processing of files. Vim also has a good set of help files, unlike vi. Or else use 'setedit' which is a MS DOS 'edit' style program. Or else use 'emacs' ...

please type...

    i           to start inserting text.
    [esc]       to stop inserting text
    :w          to save the current file
    :q          to exit from the current file.
    :q!         to exit without saving.
    x           to delete the character under the cursor
    dd          to delete the current line
    u           to undo the last change that you made
    .           to repeat the last change that you made
    y10+        to put the current line and the next 10 into the 'buffer'
                (for copying and pasting)
    p           insert the contents of the 'buffer' into the current file at
                the current cursor position.
                (ie 'paste')
    :set number
                to see line numbers for the file
    :set sw=2
                to set the standard 'shift width' to 2 spaces
    >284G
                to shift all lines from the current line down to line 284,
                2 places to the right (assuming that your shift width is set
                to 2 (see above)
    !}fmt
                to format all lines from the current line (which is the cursor
                position) down to the end of the paragraph (which is the first
                blank line). Formatting means doing a kind of 'word wrap' on
                the lines. This assumes that you have the external program fmt
                on your computer, which if you are using unix you almost
                certainly will, and if you are using Microsoft Windows you
                probably won't, but can get from somewhere like
                http://gnuWin32.sourceforge.net/ (url?)
    :set nonumber
                to not see line numbers for the file
    :1,$ s/woman/man/gic
                to change all instances of the word woman in the current file
                to the word man, ignoring the capitalisation of the word woman,
                and pausing for confirmation with the user whether to change
                each individual occurrence.
    :viusage
                to see an incredibly terse, uncommunicative and essentially
                unhelpful list of vi commands
    :exusage
                to see the same style list for 'ex' commands (which are the
                commands that you type after the ':' character
    :!zless /usr/share/doc/nvi/vi.beginner.gz
    :!zless /usr/share/doc/nvi/vi.advanced.gz
                to see some not particularly good tutorials on vi usage.
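
For the March 25 entry's 'make-ftp-guest' bug (guests chrooted to /home instead of /home/[username]), a check over the password file catches the mistake before an account goes live. This is an added example, not the diary author's script. It assumes guest accounts are those whose shell is /etc/ftponly (the shell named in the telnet error of March 16) and that the chroot root is the part of the passwd home field before wu-ftpd's '/./' separator; the sample accounts are constructed.

```shell
#!/bin/sh
# Audit wu-ftpd guest accounts: each guest must be chrooted to its own
# directory, never to the shared parent.
# Assumptions (not from the diary's script): guests are the accounts whose
# shell is GUEST_SHELL, and the chroot root is the part of the passwd home
# field before the "/./" separator.

GUEST_SHELL="${GUEST_SHELL:-/etc/ftponly}"
HOME_BASE="${HOME_BASE:-/home}"

# Reads passwd(5)-format lines on stdin; prints "user STATUS path" per guest.
# Exit status is 1 if any guest is not confined to HOME_BASE/<user>.
audit_ftp_guests() {
    awk -F: -v shell="$GUEST_SHELL" -v base="$HOME_BASE" '
        $7 != shell { next }                  # only guest accounts
        {
            user = $1; home = $6
            sep = index(home, "/./")
            if (sep == 0) {                   # no split point: review by hand
                print user, "NO_MARKER", home
                bad = 1
                next
            }
            root = substr(home, 1, sep - 1)   # directory handed to chroot
            if (root == (base "/" user)) {
                print user, "OK", root
            } else {                          # e.g. /home: sees every guest
                print user, "WRONG_ROOT", root
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: one correct guest, one with the /home bug, one with no
# separator, and one ordinary account that must be ignored.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
vanessa:x:1001:1001:,,,:/home/vanessa/./:/etc/ftponly
guesta:x:1002:1002:,,,:/home/./guesta:/etc/ftponly
guestb:x:1003:1003:,,,:/home/guestb:/etc/ftponly
EOF
}

sample_passwd | audit_ftp_guests || echo "guest accounts need fixing" >&2
```

To check the real accounts, feed the function the live file: audit_ftp_guests < /etc/passwd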