Snortblog

openssl s_client -connect localhost:443
After the key exchange, enter the following:
OPTIONS / HTTP/1.1
host: localhost

After hitting enter once or twice, I got this:
HTTP/1.1 200 OK
Server: Changed to protect the innocent 1.0
X-Powered-By: Some server
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS

The Allow header shows that WebDAV methods are enabled, even though cadaver wouldn’t connect.

Here’s an example proxy.conf file for Apache2 used to set up a reverse proxy to multiple web applications written using the SEAM framework. We’re using mod_proxy_balancer with the intention of being able to add additional servers to each cluster in the future.

# disable proxy requests - if enabled, becomes an open proxy-- very bad
ProxyRequests off
# webapp1
<proxy balancer://webapp1>
BalancerMember https://webserver.com/webapp1/ route=node1 keepalive=On
</proxy>
ProxyPass /webapp1 balancer://webapp1 stickysession=JSESSIONID
ProxyPassReverse /webapp1 https://webserver.com/webapp1
# webapp2
<proxy balancer://webapp2>
BalancerMember https://webserver.com/webapp2 route=node1 keepalive=On
</proxy>
ProxyPass /webapp2 balancer://webapp2 stickysession=JSESSIONID
ProxyPassReverse /webapp2 https://webserver.com/webapp2


Here’s a link to an excellent Unix reference containing just about any command I can think of and then some: http://cb.vu/unixtoolbox.xhtml.

I had some trouble setting up Samba under Ubuntu. I followed these instructions and got it running. It turns out I’d run the command sudo smbpasswd -L -a , but didn’t specify the user name.

You can use your computer’s hosts file to improve your internet experience. I found one I like from hpHosts. I chose it because it included google-analytics.com. From what I understand, google analytics is excellent for web metrics, but because I don’t trust any powerful entity to do no evil, I don’t want information about websites I browse going to a centralized repository.

Unless of course, it’s AT & T and/or the executive branch of the federal government of the U.S.A. ; )

I find it totally annoying when websites force new windows. I can do that myself, if I want, thank you very much. There’s a greasemonkey script for Firefox that disables one common way web developers use in the attempt to control the user’s browsing experience. To install it, see these instructions on how to install this greasemonkey script.

Whenever I find myself running a new installation of Firefox, here are must-have extensions add-ons I always install.

• Autocopy — automatically copies selected text to “clipboard”/memory buffer.
• Adblock Plus — blocks advertisements
• ConQuery — Lets you send selected text to your search engine of choice
• Liveclick — makes RSS feeds work like regular bookmarks.
• Scrollbar anywhere — allows you to right click with your mouse and move it up and down to scroll your window.
• Tab Clicking Options — among other things, lets you close a tab with a double-click

To enable secure login and other administrative functions over SSL in WordPress, the latest version, 2.1, in conjunction with a plugin, provides a easy method of securing WordPress credentials. Here’s how I upgraded from Wordpress 2.0 to 2.1 on a server running Apache 1.3.x on Slackware 10.0.

1. Create two virtual hosts with identical names and DocumentRoots, one running under SSL and one running regular http (i.e. add SSL virtual host to /etc/apache/mod_ssl.conf and regular virtual host to /etc/apache/httpd.conf).
2. Follow WordPress upgrade procedures; install and activate plugin.
   1. Backup local wordpress files, e.g. tar cfjv packed_files.tbz2 /directoryToPack
   2. Backup database (using plugin or otherwise).
   3. Disable plugins.
   4. Get latest Wordpress; download, unzip, overwrite files.
   5. Test (if it doesn’t work, restore your files from backup and stop here)
   6. If it works, update plugins as needed.
   7. Reactivate plugins and test, one by one.
   8. Download, install and activate a copy of the WordPress Secure-Admin SSL Plugin from haris.tv. The version from wp-plugins.org contains a bug that was fixed on haris.tv. Thank you, Haris!

I have a Creative Muvo TX FM MP3 player that I’ve been really happy with. It’s cheaper then most iPods (iKidYouNot), uses flash memory (for fewer moving parts), uses a non-proprietary battery (AAA) and has FM radio. I use it a lot to listen to the radio, podcasts, and occasionally even music. Recently, it’s been malfunctioning–turning off inexplicably and locking up when I try to navigate among the MP3s I have stored on it. Consequently, I wanted to upgrade the firmware in an attempt to fix the problem. However, upon visiting Creative’s dysfunctional website (it’s broken for Firefox users), I finally found the firmware upgrade. In reading the fine print, I discovered that they’ve removed the ability to record from FM. Presumably, this is yet another victory by the RIAA against consumers. This feature was prominently advertised. Retroactively removing it is a ripoff. Ultimately, I found an older version of the firmware, version 1.13.03, and was able to install it. It seems to be working better and I’ve just recorded my first FM program, just to make sure it still works. Ironically, I probably wouldn’t have ever used this function without the RIAA’s presumed attempts to take it away. This is old news, also see a post on engadget.com.

Bruce Sterling notes, in his last column for Wired, “The Internet…crawled out of a dank atomic fallout shelter to become the Mardi Gras parade of my generation”.