Thursday, 18 January 2007

Why NetBeans Visual Web Pack Themes Suck Ass

I have posited that Java developers could not code their way out of an HTML box (model).

NetBeans' Visual Web Pack Themes may prove this point. Holy Squelch, Batman, all noise, no signal.

If you decide to use a VWP project, you're stuck with this heavy-handed theming architecture. Couple that with JSF's engineered hijacking of id, an HTML DOM core attribute, and you can throw your design out the window. VWP will get in your way at every turn. Oh, you can put your design into the theming model, but take a look at that learning curve sometime.

The overbearing theme engine makes VWP only good for prototyping. Until the theme engine is made opt-in, or opt-out, VWP will not be a recommended model for my production projects.

Posted by caffeinated at 10:09 PM in kaffehaus

Monday, 15 January 2007

vsftpd notes

vsFTPd[1] is a quick setup. Kudos to the “scary beast.”

I have long been a ProFTP[2] fan for its Apache-like configuration, but vsFTPd had to be the quickest FTP server I have ever set up.

My notes on getting a vsFTPd set up quickly:

Use yum to get the binary installed.

Yum puts everything in the appropriate places for a Fedora Core/Red Hat install:

  • /etc/vsftpd
  • /usr/sbin/vsftpd
  • /etc/init.d/vsftpd

Setting up authenticated-only FTP service was quick, by editing /etc/vsftpd/vsftpd.conf:

...
local_enable=YES
guest_enable=NO
...

I liked vsFTPd's direct setup of FTP over SSL.

ssl_enable=YES
rsa_cert_file=/path/to/certificate.file
rsa_private_key_file=/path/to/certificate.key

What’s nice about this is that it will force, by default, users to SSL connections via TLSv1 (the SSLv(1||2||3) options have to be explicitly enabled; the developer of vsFTPd is a bit of a paranoid). This forcing of authenticated users to SSL is configurable, of course, but is the default. It also seems that having this configured, but commented out, will allow you to switch between non-SSL and SSL connections.

Debugging the configuration is easy too.

As root

# /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

This attempts to start the vsFTPd with the configuration file as the argument in standalone mode. Errors in the configuration come to stdout.

I also liked the banner_file option. A few years ago, at a security conference, a lawyer presented several cases where crackers worked the system arguing that “they weren’t told they could not be on the system.” You have to love ’em. So I put a pretty standard banner on my FTP services to just be sure nefarious users know it’s a restricted system, borrowed from a security document, somewhere:

***********************************************
*****  THIS IS A PRIVATE COMPUTER SYSTEM  *****
*****   AND IS FOR AUTHORIZED USE ONLY.   *****
***********************************************

       Any or all use of this system and
       all files on this system may be
       intercepted and monitored.

       Unauthorized or improper use of
       this system may result in
       disciplinary and/or legal action.

       By continuing to use this system
       you indicate your awareness of
       and consent to these terms and
       conditions of use.

       LOG OFF IMMEDIATELY if you are not
       an authorized user of this system
       or do not agree to the conditions
       stated in this warning.

Finally, getting an FTP service like vsFTPd up for web hosting is well documented at YoLinux.com. Much of what I learned in setting this up was found there. The tutorial is a bit dated (it has no SSL notes, for example), but it is a great start!
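To check that a vsftpd.conf really delivers the authenticated-only, SSL-forced, bannered service described above, the following added example (not part of the original post or of vsFTPd) audits the effective settings. The function names are hypothetical; anonymous_enable, force_local_logins_ssl, force_local_data_ssl, ssl_sslv2 and ssl_sslv3 are vsFTPd options not shown in the post, and the defaults are those documented in the vsftpd.conf man page.

```python
# Added example, not from the original post. DEFAULTS are the compiled-in
# values documented in the vsftpd.conf man page.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "ssl_enable": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "ssl_sslv2": "NO", "ssl_sslv3": "NO", "banner_file": "",
}

def parse(conf_text):
    """Return (effective settings, syntax errors) for a vsftpd.conf body."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: not in option=value form (no spaces)")
            continue
        settings[key] = value
    return settings, errors

def on(settings, key):
    return settings[key].upper() in ("YES", "TRUE", "1")

def audit(conf_text):
    """List the ways a config departs from authenticated-only FTP over TLS."""
    s, findings = parse(conf_text)
    if on(s, "anonymous_enable"):
        findings.append("anonymous_enable is on: not authenticated-only")
    if not on(s, "local_enable"):
        findings.append("local_enable is off: local accounts cannot log in")
    if not on(s, "ssl_enable"):
        findings.append("ssl_enable is off: passwords sent in clear text")
    for key in ("force_local_logins_ssl", "force_local_data_ssl"):
        if on(s, "ssl_enable") and not on(s, key):
            findings.append(f"{key} is off: plaintext sessions still allowed")
    for key in ("ssl_sslv2", "ssl_sslv3"):
        if on(s, "ssl_enable") and on(s, key):
            findings.append(f"{key} is on: legacy SSL protocol accepted")
    if not s["banner_file"]:
        findings.append("banner_file is unset: no restricted-use notice")
    return findings

# Constructed sample: the post's settings with ssl_enable commented out.
SAMPLE = "local_enable=YES\nguest_enable=NO\n#ssl_enable=YES\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On the constructed sample this reports three findings: anonymous logins are still on by default, SSL is off while the line is commented out, and no banner file is set.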

[1] Get source and docs at http://vsftpd.beasts.org/
[2] ProFTP: http://www.proftpd.org/
Posted by caffeinated at 11:31 AM in nerdery

Sunday, 14 January 2007

Why Micros~1 loses the security war, or vendor lock-in

WTF, Bill?

None of your tools seem to support any kind of security in the web tier.

WebDAV over HTTPS (to secure BASIC auth)? I can mount a Web Folder, but does Expression Web, a.k.a. FrontPage v12, support it? No! Or at least not in any appreciable manner, i.e., when WebDAV is served by Apache. God damn you Bill Gates!

FTP over SSL/TLS? Apparently not. Again, the tool support is shitty! Expression Web, a.k.a. FrontPage v12? No. The asinine encouragement of clear text passwords over FTP is mind boggling! And you wonder why IIS gets a shitty reputation!

Micros~1, you suck.

I’m going to bed.

Posted by caffeinated at 11:46 PM in 0xDECAF

Saturday, 13 January 2007

Selling my broken iPod on eBay

Broken 3GB 5th Gen. White iPod

It recently took a dip in a sink full of water that had been washing lettuce. Generally clean tap water, but the impurities from the lettuce are likely conductors.

It never recovered from the trauma. Someone with some knowledge about salvaging parts, like the still functioning screen, might be able to do something noble with it. Kind of like organ donation.

Posted by caffeinated at 4:36 PM in the mac bloc