Thursday 14 August 2008

I hate Office/Word 2007/2008 Ribbbon crap

The change to Microsoft's "Office" suite with their new ribbon thingy is plain annoying/frustrating and big time waste. I have used Word for years and been comfortable with it (as far as is possible) I knew where things were - but now in 2007 I haven't clue. I'm not saying they were that logical before but they're no more so now and I imagine just annoy/alienate a vast number of existing users.

The stupidest thing was they didn't include some form of helper system for transition or provide a way to switch back to 'classic' mode. Though it turns out that there is some online info, including a Flash interactive helper to help you to find commands from Word 2003 in 2007. An one can purchase an external plugin, Ribboncustomizer, that provides access a version of the old interface - the free edition has some basic functionality including a 'Classic UI' tab.

There are plenty of other word processors out these days and instead of relearning Word I'm keen to move to something else - Open Office is getting better these days and Apple's Office suite is good too. Also online Office suites are getting very usable now - most notably Google Docs and others.

Wednesday 13 August 2008

Automatically blocking failed ssh attempts

If you run an ssh server (sshd) and you're connected to the Net on a public IP then you'll likely be seeing a serious amount of wanna-bee hax0rs trying your box. Pain in the ass. Fortunately there's a few tactics that can be deployed. There's a good article here that covers it. Plus there's a good 'stickied' discussion from a good list of security issues on LinuxQuestions.org. Basically as far as I was concerned two options seem to be the best:
  • Run fail2ban

  • Or install some natty firewall rules (cribbed from above article) written by this guy:

  • (1) Create a custom chain for whitelisting first:
    iptables -N SSH_WHITELIST

    (2) Whitelist any host(s) that you like:


    iptables -A SSH_WHITELIST -s TRUSTED_HOST_IP -m recent --remove --name SSH \
    -j ACCEPT

    (3) Add the blocking rules:


    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set \
    --name SSH
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update \
    --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update \
    --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
  • Advantage: Transparent for users
  • Disadvantages:
    • Does not distinguish between successful logins and unsuccessful login attempts (i.e. three successful logins within one minute will trigger just like three unsuccessful login attempts).

Tuesday 12 August 2008

sshfs using ssh-agent on OSX

The FUSE based sshfs app is pretty nice - but it's even slicker if it imports your ssh-agent keys automatically (as mentioned here) - then it just connects automatically if you're logged into your agent. To do this you need to set up your ssh-agent and the setup sshfs: basically you open the sshfs package and rename the "Contents/Resources/sshfs-static" to "Contents/MacOS/sshfs-static.bin". (Doing the same for sshfs-static-10.5). Then create a new file called sshfs-static (and with sshfs-static-10.5) with the following content:
#!/bin/sh
SSH_AUTH_SOCK=/Users/your-username/.ssh/ssh-agent.pipe $0.bin $*

Now make sure you've installed and set up the ssh-agent according to my instructions then you can start sshfs. Then add a machine you've got a key installed on and it will automatically connect.

[updated] Otherwise now in Leopard ssh-agent works properly and you don't need to follow my instructions - you can use the one here - use this in your sshfs-static:
SSH_AUTH_SOCK=`launchctl getenv SSH_AUTH_SOCK` \
$0.real "$1" "$2" "$3" "$4" "$5" "$6"


Bug reporting and listing/tracking

So how do I report a bug in Windows Vista, Gmail (maybe I'll add others)??? - they don't make it that easy... So I've managed to 'em track down:
  • Gmail - You get it through the help center - but you have to navigate via an unexpected route: Through their trouble shooter and then via issues with 'Registrations & Invitations"....
  • Windows bugs (Vista etc) - You go via their connect system - you'll need a M$ ID. It seems you can only report issues about various subsystems though not the core OS...

Tuesday 5 August 2008

Coolest Firefox plugins

Yeah there's tonnes of 'em but mostly they're a waste of time. These are the ones I like (I'll keep updating this one too...):
  • CustomiseGoogle - Allows various tweaks and additions when using Google's sites
  • CookiePie - Keeps cookies from different tabs/windows separate - E.g. So you can be logged into Gmail in one tab, whilst in another use Google search (and not be logged in) thus not having everything logged (though they could quite easily correlate one's activity by IP...).
  • Flashblock - Stops running Flash items on web pages till you click on the ones you want.
  • Cacheit - Useful to access alternate sources of a webpage - e.g. when the main is down.
  • Dictionaries - Great for spell checking any text as you type into any web form.
  • Add more search engines to the search box - Not actually a plugin but darn useful all the same (e.g. add Way Back Machine, Scroogle (anon Google search), Cuil....)
  • Locate in Bookmarks - Go Parent Folder, Show Parent Folder
More geeky ones:
  • User agent switcher - Useful for playing with your browser's 'identity'
  • ShowIP - Shows the IPv4/IPv6 address of the website you're at.
There are other sites that have some impressive lists too.