Invasion Plans

After letting my domain boxchronicle.com, (which was for a computer history site I originally created in college) expire a while back, I recently decided to register it again and get the site back up and running. It used to generate the most traffic out of all my pages/sites, but I’d run out of a lot of free time to maintain it and had let it go by the wayside.

When I tried to register it again, I discovered someone else had taken the domain name and now posted it as a premium domain for sale at an outrageous price. They basically stole the domain, as it was likely bought due to the high traffic it once got and were either now hoping I’d fork out the money for it back, or idiotically thought someone else would find such a name valuable. It was never the name that drove the traffic, but the actual site content which got nice rankings on the search engines. That’s nothing but good SEO!

I knew that if I got the site back up with a new name, the traffic would come.  I decided on using the pluralized version of the original name, which made more sense when I thought about it anyway. So now without further ado, here is the new site boxchronicles.com . This is only one letter way from the original name, and the content itself will bring the traffic back.

Hopefully I can steal the old name back from the organization that took it after it expires in July and simply point that one to the same place…ensuring any old outside links using the original domain name will wind up there. But seriously …who would think such a name would be worth hundreds of dollars?

In a support role the idea is to leave the end user happy no matter how uneducated they are.

Whenever you’re stuck in a small shop with a limited budget, it can be pretty hard to find a good, inexpensive application that can do five things:

Port scanning
Vulnerability scanning
Some kind of patch level detection
Wrap everything up into reporting that can show all the results by machine.
Doesn’t cost an arm, leg, and your first born.

With little to no budget, my auditing tools are varied and I have to cut and paste most of their results into a single report by hand. I’ve gotten pretty nifty with the report formats using color coded Excel sheets, and I get to flex my writing skills but the manual work involved really is frustrating. However, using a combo of the usual free tools (Nessus, Nmap, Microsoft Baseline Security Analyzer, Metaspolit, etc.), I’ve managed to audit a small network of 100+ IPs and 5 subnets in around four to five days, complete with the reports. This also includes external auditing of our two public networks. I still wish I had a free or inexpensive tool that does a lot of what I’m already doing manually, especially bringing in all of the results into a single report complete with an executive summary.

Now, I could be lazy and just compile all the output these tools already generate and call that a “report”, but I’m the creative type and believe in clear documentation that can translate to both non-technical staff and IT staff. They should have a uniform look, because Nessus’ output format is an HTML file and Nmaps’ is a text or XML file. Putting them all together into a printed out clump just looks sloppy, and I don’t go for sloppy with documentation.

There are plenty that do that job, but all of them are pretty hefty pricewise, which leaves those with a low budget for such items in the crunch. There is business opportunity in this area, so you would think this market would have a bit more variety. Changes in the security landscape are pushing it in that direction though, as security and compliance are becoming concerns to even some small businesses. If I was a .NET developer, I think I’d start writing something that did what I wanted. Alas, I’m not, but if any of them are out there lurking, get to coding!

Apple announced a beta of iPhone 2.0 that will include full Microsoft Exchange server support using ActiveSync. This is interesting since I have a small, but growing, base of iPhone users and only recently (and reluctantly), opened IMAP up to them for their mail. With iPhone 2.0, I will finally get to use the mobile and ActiveSync features on my Exchange 2007 server, which have gone unused since none of my users have compatible cell phones or devices, and there was no sense in purchasing Blackberry Enterprise Server for the small number of Crackberry addicts in the company unless everyone would be getting one. The iPhone users will be happy because they can sync calendars and contacts, etc.

The key things to planning this will be making sure all pre-requesites are in place by the time one of my users gets impatient and actually wants me to test the 2.0 beta. This is entirely possible since one of the biggest Apple fanatics in the company is the CIO.

I’ll post my adventures/results on this in a future article as I dive into using ActiveSync with iPhones. Hopefully the experience will be smooth and my iPhone users, who happen to be some of the top executives, will be happy. I know my boss and I will, because we can then turn off IMAP and breathe freely knowing they’re getting their mail more securely!

Lately ISPs have been claiming the high usage of bandwidth is forcing them to take steps to manage the traffic on their networks. A few have taken some controversial steps like Comcast, who have caused an uproar over capping file transfers on peer to peer networks like Bit Torrent. There has also been some cases where Comcast has dropped a connection altogether because of some capped limit that they will not disclose. They even modified their terms of use without even telling their customers. Time Warner is currently testing a tiered pricing model in Texas. Tiered usage isn’t that big a concern to me, since I do not use a high amount of bandwidth in my daily online activities from home, despite the fact that I’m a system administrator who connects to the office network via VPN quite frequently. So if my ISP decides to roll out tiered pricing I really don’t care.

My only problem with all of this is that current U.S. bandwidth speeds pale in comparison to other countries around the world. If users hogging bandwidth is causing ISPs to consider these things to handle the loads, then why aren’t they increasing bandwidth amounts to the same levels as the rest of the world? I remember reading a report that the U.S. is currently ranked dismally low on the list, so if bandwidth is an issue, why aren’t they just increasing the amount available to consumers instead of trying to add all of this control to what users do?? It doesn’t really make any sense.

This is probably because the ISPs are making buckets of money charging you for very little in the way of speed, and they want to keep it that way. Most ISPs contacted by Computerworld for a story on this all claimed their networks were robust enough to handle the loads….yet here they are complaining that high bandwidth users are causing problems. Rather than asking them why bandwidth speeds aren’t comparable to the rest of the world (which would likely ease any “problems” the ISPs are crying about), the media is simply helping them spin the idea that there must be caps, controls, or tiered levels.

This is just plain retarded, and users in America should instead be demanding better speeds that are comparable with other offerings around the world. Hell, even South Korea has us beat by a huge margin, as well as other countries in comparison. Consumers on that side of the pond have more bandwidth then they know what to do with, and the United States continues to slip from it’s spot as a world leader in technology and innovation. I can’t wait for the mothership to get here so I can get off this rock, because it seems there is a relation to the growing population of the world and the number of idiots in it. Feel free to post your piece on this one.

Just to give you an idea, here’s a short list of median speeds around the world in megabits per second. These tend to be higher in some cases. I’ve read reports of Japan having upwards of 100Mbits/sec. A 40Mbit/sec connection is also dirt cheap there:

Japan ||||||||||||||||||||||||||||||| 61 Mbits/sec
S. Korea ||||||||||||||||||||||| 46
Finland |||||||||| 21
Sweden ||||||||| 18
Canada |||| 8
U.S. || 2

Computerworld editor Preston Gralla has been talking about this on his blog for some time, check out some of the info there @: Another anemic showing for U.S. broadband

So why should consumers get shafted by the ISPs just because some movie/music/software freaks/pirates are sucking up bandwidth? The actions of a few are going to affect the speeds of everyone, and that just isn’t fair to consumers who already pay too much for too little. There is also the fact that video (legit video viewing) is beginning to take up a large part of the internet, with YouTube gobbling up nearly 10% of all traffic. This is a natural outgrowth of the net, but ISPs are not even interested in increasing capacity. It’s all about the bottom line and how much they can get from you for the paltry speeds they provide, and that isn’t going to change unless the FCC tracks true usage (which it refuses to do), and the government starts taking steps to ensure better broadband access.

MarzQL 2.1.1 - A DBI wrapper I wrote that was originally going to be used with my own bot (see http://marzbot.marzopolis.com), but never did. It could be modified for other bots and/or anything you’d like to use with DBI. Not really needed if you prefer to connect to DBI directly, and is mostly for newbies who don’t or can’t understand DBI/SQL. You don’t need to know either one or how they work to use the module. Enjoy.

t0ta11ed
primary scribe and overnerd, dev.marzopolis.com

Leviathan 2.0- Leviathan is another bot by the creator of Juggernaut.

Juggernaut 4.0 - The full version of Juggernaut by Cer. Don’t know if this guy is still building his bots. This one is a bit old.

I mean seriously…does Microsuck NEED to be any bigger than it already is? As far as ad revenue goes, Google almost has the entire pie, has had it for a long time, and is simply a better company (to work for at least).

Fortunately Yahoo had the foresight to tell Gates and Co. to go suck an egg, but I wonder if it will become a hostile takeover. Somehow that doesn’t make a really good image for Redmond does it? Submit to their bidding or be assimilated.

Juggernaut Lite 1.0 - A stripped down version of the full Juggernaut by Cer.